I've been working in a test system trying to get a self-signed certificate applied to both cas and uportal and have a couple questions. Since this overlaps both cas and uportal, I'm posting to both forums.

1) Can the certificate be applied at the apache level or does it have to be applied on the tomcat level? (I've been trying to make it work with apache...and have been receiving the error posted below)

2) Once the ssl works, do I simply remove the BROKEN_SECURITY_ALLOW_NON_SSL init parameter from the uportal web.xml?

------------------------------------------------------

exception

javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator BROKEN SECURITY MODE SUITABLE ONLY FOR DEMO PURPOSES casValidateUrl=[https://portap3/cas/serviceValidate] proxyCallbackUrl=[https://portap3/CasProxyServlet] ticket=[ST-1-cAFdfHIiYkx1y1DY6gna-cas] service=[https%3A%2F%2Fportap3%2FLogin] renew=false]]]
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:345)

root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator BROKEN SECURITY MODE SUITABLE ONLY FOR DEMO PURPOSES casValidateUrl=[https://portap3/cas/serviceValidate] proxyCallbackUrl=[https://portap3/CasProxyServlet] ticket=[ST-1-cAFdfHIiYkx1y1DY6gna-cas] service=[https%3A%2F%2Fportap3%2FLogin] renew=false]]]
    edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:54)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
    com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
    com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
    com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
    com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
    edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:91)
    edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:218)
    edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)

--
Curtis Garman
Web Programmer
Heartland Community College
