> So that means that either 1) one of the CAS client webpapps is running a > self-signed cert or 2) my CA Root database is out of date, correct?
Those are two common causes of trust errors, sure. The fact that you're seeing this on the CAS server means it's probably a proxy callback that's failing; could also be the single sign-out callback if you're using that at your place. Those use cases might help you figure out which service certificate has changed. If more information about the exact cause of the cert check failure would help, you can do an SSL trace by setting the system property -Djavax.net.debug=ssl, which will dump the trace to STDOUT, which is $TOMCAT_HOME/logs/catalina.out on Tomcat. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
