Actually, it is not the station. Because when I install a clean JBoss Portal and make the SSL configuration WITHOUT CAS, it works very well. ClientAuthentication also works.
However, when I started to use CAS, it works without clientAuth. But it doesn't work with clientAuth. I couldn't find a solution for 2 weeks.

_____

From: Andrew Feller [mailto:[email protected]]
Sent: Tuesday, June 30, 2009 4:22 PM
To: [email protected]
Subject: Re: [cas-user] Received fatal alert: bad_certificate

Nedim,

The clientAuth attribute signals that you want users to have a valid certificate, so I assume your client doesn’t have one or the one it has is invalid.

Tomcat 5.5 HTTP Connector configuration:
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html

HTH,
A-

On 6/30/09 7:36 AM, "Nedim Ozan Tekin" <[email protected]> wrote:

I want to try to use ClientAuthentication in CAS. My server.xml is

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="/portalkeystore/keystore"
           keystorePass="changeit"
           truststoreFile="/mms/java/jdk1.5.0_18/jre/lib/security/cacerts"
           truststorePass="changeit" />

With clientAuth="false" everything is OK. But when I change to clientAuth="true", the browsers open a window to select a client cert, I choose one and the portal home page comes, but simultaneously it gives the error below.

14:54:20,892 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
14:54:20,894 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
14:54:20,894 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
14:54:20,895 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1650)
14:54:20,896 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
14:54:20,896 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1428)
14:54:20,896 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
14:54:20,897 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:591)
14:54:20,897 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:698)
14:54:20,897 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:624)
14:54:20,898 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
14:54:20,898 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
14:54:20,899 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
14:54:20,899 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
14:54:20,900 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
14:54:20,900 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
14:54:20,900 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
14:54:20,901 ERROR [STDERR] at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
14:54:20,901 ERROR [STDERR] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
14:54:20,902 ERROR [STDERR] at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:949)
14:54:20,902 ERROR [STDERR] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
14:54:20,902 ERROR [STDERR] at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:52)
14:54:20,903 ERROR [STDERR] at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:138)
14:54:20,903 ERROR [STDERR] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
14:54:20,904 ERROR [STDERR] at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.getAuthenticatedUser(CASAuthenticationValve.java:272)
14:54:20,904 ERROR [STDERR] at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.invoke(CASAuthenticationValve.java:208)
14:54:20,905 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
14:54:20,905 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
14:54:20,906 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
14:54:20,906 ERROR [STDERR] at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
14:54:20,907 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
14:54:20,907 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
14:54:20,907 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
14:54:20,908 ERROR [STDERR] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
14:54:20,908 ERROR [STDERR] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
14:54:20,909 ERROR [STDERR] at java.lang.Thread.run(Thread.java:595)

What does this problem mean? In the SecureURL class there is a method named retrieve; in this method a connection is created, but there is no cert around. Might that be the problem? So how can I obtain my X.509 certs in SecureURL? Or is there any other solution that you know? Please help me…

Attention: This e-mail message is private and privileged. If you are not the recipient for whom this e-mail message is intended, please notify the sender immediately and delete this e-mail message from your system. All sent and received e-mail messages go through a virus scan in our company. Any opinions presented in this e-mail message are solely those of the author and do not necessarily represent HAVELSAN A.S.'s formal and authorized views.

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
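
Added example, not part of the original thread and not CAS, JBoss Portal or Tomcat code: the trace in this thread fails in ClientHandshaker beneath SecureURL.retrieve, that is, on an HTTPS connection the portal JVM opens itself, so the JVM is the TLS client there. The class below shows the standard JSSE way to give HttpsURLConnection a client certificate while keeping server validation; the class name, keystore files and passwords are placeholders, and it assumes the CAS server sits behind a clientAuth="true" connector and that the calling code installs no socket factory of its own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; not part of CAS, JBoss Portal or Tomcat.
public final class OutboundClientCert {

    // Load a keystore file using the JVM's default keystore type.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    // Key managers supply this JVM's certificate when the server sends a
    // CertificateRequest; trust managers still validate the server's chain.
    static SSLContext build(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args (placeholders): <identity keystore> <its password> <truststore> <its password>
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: OutboundClientCert identity.jks pass trust.jks pass");
            return;
        }
        KeyStore identity = load(args[0], args[1].toCharArray());
        KeyStore trust = load(args[2], args[3].toCharArray());
        SSLContext ctx = build(identity, args[1].toCharArray(), trust);
        // JVM-wide: every HttpsURLConnection opened afterwards uses this factory
        // unless the caller sets one on the connection itself.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("client identity entries: " + identity.size());
    }
}
```

The same key material can be supplied without code through the `javax.net.ssl.keyStore`, `javax.net.ssl.keyStorePassword`, `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties. The issuer of the client certificate also has to be present in the truststoreFile named by the Connector, or the server rejects it.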
