Is there a reason not to use the default location? Curtis
On Mon, Oct 12, 2009 at 9:54 PM, Jon Gorrono <[email protected]> wrote: > .....and you can set a different location than the default by using > something like this in your CATALINA_OPTS env var: > > -Djavax.net.trustStore=path_to_truststore > > On Mon, Oct 12, 2009 at 6:31 PM, Marvin Addison > <[email protected]> wrote: >>> 1) Can the certificate be applied at the apache level or does it have >>> to be applied on the tomcat level? >> >> Neither. The exception you quoted below is an SSL trust problem with >> the JVM and has nothing to do with the key/truststores used by Tomcat: >> >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path building failed: >>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>> find valid certification path to requested target >> >> You must install the self-signed certificate of the CAS server into >> the system truststore on the portal host. The default location of the >> system truststore is $JAVA_HOME/jre/lib/security/cacerts. >> >>> 2) Once the ssl works, do I simply remove the >>> BROKEN_SECURITY_ALLOW_NON_SSL init parameter from the uportal web.xml? >> >> In order to get proxy ticket validation working, the CAS server must >> also trust the certificate presented by the portal. In your case >> where you're using a self-signed cert for uPortal as well, you'll need >> to import the portal certificate into the CAS server system >> truststore. In the end you import the self-signed certs of both hosts >> into the system truststores of their partners. >> >> M >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > > -- > Jon Gorrono > PGP Key: 0x5434509D - > http{pgp.mit.edu:11371/pks/lookup?search=0x5434509D&op=index} > Thawte Notary - https{www.thawte.com/cgi/personal/wot/directory.exe?node=312} > GSWoT Introducer - {GSWoT:US75 5434509D Jon P. Gorrono <jpgorrono - > gswot.org>} > http{ats.ucdavis.edu} > > Sent from Davis, CA, United States > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Curtis Garman Web Programmer Heartland Community College -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
