I'm assuming you're trying to access /cas/validate from a client application, is that correct? The documentation here<https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide>says to import the CAS Server certificate into the client JVM's keystore, which it seems you've tried, but I've also had this error occur the other way around, when I needed to add the *client* certificate to the CAS Server truststore.
Could you provide a little more context for your setup and maybe a snippet from your *server.xml* for Tomcat? Evan Sheffield iVantage Health Analytics On Thu, Oct 25, 2012 at 8:06 PM, Jonathan <[email protected]> wrote: > Changeit worked! I imported the certificate. > > But I am still getting the error > > Exception in thread "main" javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) > > What else should I try? > > Thanks > Jonathan > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Evan Sheffield *Developer* iVantage Health Analytics™ | Formerly HMC, Inc. 300 Chestnut Street, Suite 101 | Needham, MA 02492 o: 781.449.5287 | f: 781.449.8058 email: [email protected] web: www.iVantageHealth.com<http://www.ivantagehealth.com/> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
