To add to what Marvin already said, the certificate seems to be trusted by Firefox that I used to test it, but not by Java 6. So, even though you have a properly signed certificate that's valid till November 23, you will have to add it to cacerts.
Since I see the phrase "clearpass" in the original message, I will assume that proxy tickets are indeed required. Adam Marvin Addison wrote: >> I keep getting an "unable to find valid certification path to requested >> target" error when connecting to /proxyCallback which is a filter map >> that points to Cas20ProxyReceivingTicketValidationFilter. >> > > This is happening because the CAS server is attempting to connect to > that URL and do PKI validation in order to issue a proxy ticket to > your application. The exact cause of failure appears to be that the > certificate is not trusted by the CAS server. > > >> Both certs are the same wild card >> cert and have been added to the keyring. >> > > The certificate of your service needs to be added to the truststore > used by the CAS server, which is $JAVA_HOME/jre/lib/security/cacerts > by default. I have never worked with wildcard certs, but that may > require additional configuration to get working properly. > > You might consider whether you really need CAS proxy ticket support > for your application; if you don't, you could avoid the additional SSL > configuration altogether. > > M > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
<<attachment: arybicki.vcf>>
