Re: [cas-user] Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] for the first time in production environment

[Sander Bos]

Hello Kavita, as was mentioned before the usual suspect for this error is the cacerts file, and if I understand what you are saying now it does not matter what options you use it does not work? (because then the options do not really matter). You also mentioned the problems started after a Java upgrade, which could (although it should not) overwrite the cacerts file. Have you already done a command like     keytool -list -v -file "\path\to\jre\lib\security\cacerts" to see whether your certificate is really still in there (password is changeit). If there are certificates in there. Do the dates etc. look okay? Then personally, I never trust what I am looking at (I have about 10 JDKs on my system, so 10 cacerts files), are you sure that that cacerts file is really used. You can use a tool like procmon to filter on paths containing 'cacerts', then start up tomcat and double check that the path cacerts is found under matches the path you used in the command before. Met vriendelijke groet, Sander Bos Developer Finalist IT Group Never stop developing! E: sander....@finalist.com T: +31 88 217 0 856 Kavita Tipnis schreef: My error is back again now even though it was working yesterday, exactly the same settings nothing different. I can't pin it down if it is the jvm that is crashing or the cas or tomcat. Thank You :( On Thu, Jul 23, 2009 at 10:42 AM, Kavita Tipnis <kavitatip...@gmail.com> wrote: I have been modifying my JAVA_OPTS settings under catalina.bat for Tomcat but CAS keeps firing this error, so I am completely clueless as to why is CAS errorring out if I make any changes to the JVM memory options?? Any help on this would be really appreciated, thank you currently my JVM settings are -Xms256M and -Xmx256M and when I try to set the -XX:MaxPermSize:128M, the cas shows this error even if the Tomcat starts smoothly. Now, I have removed the -XX:MaxPermSize:128M and CAS is still showing the same error Thanks! Kavita On Tue, Jul 21, 2009 at 3:52 PM, Kavita Tipnis <kavitatip...@gmail.com> wrote: Would this be a Tomcat bug/issue? Thank you. Kavita On Tue, Jul 21, 2009 at 3:10 PM, Kavita Tipnis <kavitatip...@gmail.com> wrote: I get it now. Here is something very weird After reconfiguring all the changes on my test environment(it works fine now), I wanted to make the same changes to production environment, but instead I just reinstalled Tomcat as a service and the 'Unable to validate ProxyTicketValidator' error message did not show up. As a result I am confused right now,because yesterday I made changes to increase the heap size in Tomcat and modified the service.bat file that comes with Tomcat.(Also the JAVA_OPTS environment variable is modified) ---- I know this has nothing to do with CAS, but today, I started getting the ProxyTicketValidator Error. To fix this on the production server I just resinstalled service.bat as a windows service and the error was gone. I spent more than 4 hrs and got a good solution and understanding of the ProxyTicketValidator and SSL trust issue but seems like the error was misleading (because I only changed environment variables for increasing heap size). Thank You, Kavita On Tue, Jul 21, 2009 at 2:54 PM, Marvin Addison <marvin.addi...@gmail.com> wrote: > But the Tomcat documentation does not mention that. It has nothing to do with Tomcat, so would not be mentioned in that context.  The "infamous" ProxyTicketValidator you are getting is caused by a connection initiated by a Java class to the CAS server. The root cause an SSL trust issue between the JVM running your application and the certificate presented by the CAS server.  The system keystore, $JAVA_HOME/jre/lib/security/cacerts, is the keystore that matters in that case. M -- You are currently subscribed to cas-user@lists.jasig.org as: kavitatip...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- Kavita Tipnis -- Kavita Tipnis -- Kavita Tipnis -- Kavita Tipnis -- You are currently subscribed to cas-user@lists.jasig.org as: sander....@finalist.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user