The certificate you have installed on the Apache server does not honor the one public IP address. Rather, it should be mapped and issued to the fully qualified host name of the servers. I suppose that you either have to obtain certificates for the servers you work with, or another workaround would be to perhaps opt into using wildcard certs for your domain.
-Misagh On 5/23/2012 6:56 AM, Sreejith wrote: > Dear All, > I have seven applications deployed over different instances of tomcat > spanning across 3 servers (roughly two tomcat instances per server). Tomcat I > am using is 7.0.4. I have one public Ip mapped to my appache server using > which I am connecting to all my application and CAS server. All my web > applications are java based and the version of java is 1.7 > > I have got a CA signed certificate which I have installed on all the servers. > After autheticating using cas, I am getting the following exception. Please > help me to sort out the issue. > > java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > > > org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:203) > > > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178) > > > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) > > > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102) > > > org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110) > > > in.nic.pes.lgd.common.AuthenticationFilter.doFilter(AuthenticationFilter.java:212) > > > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
