Hi,
I deployed a demo webapp using the cas-client cas-client-core-3.2.1.jar in Tomcat
ver 6 and also deployed cas.jar ver 4 on the same server. The server is
enabled for SSL access as configured in tomcat settings.xml
<Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443"
protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
I generated a key and imported it to the keystore
C:\Program Files\Java\jdk1.6.0_33\bin>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: A15036A1D.corp.ads.valuelabs.net
What is the name of your organizational unit?
[Unknown]: valuelabs
What is the name of your organization?
[Unknown]: valuelabs
What is the name of your City or Locality?
[Unknown]: hyd
What is the name of your State or Province?
[Unknown]: ap
What is the two-letter country code for this unit?
[Unknown]: in
Is CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in correct?
[no]: yes
C:\Program Files\Java\jdk1.6.0_33\bin>keytool -export -alias tomcat -keypass changeit -file server.crt
Enter keystore password:
Certificate stored in file <server.crt>
C:\Program Files\Java\jdk1.6.0_33\bin>keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
Enter keystore password:changeit
Owner: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in
Issuer: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in
Serial number: 50ab4c3f
Valid from: Tue Nov 20 14:54:15 GMT+05:30 2012 until: Mon Feb 18 14:54:15 GMT+05:30 2013
Certificate fingerprints:
MD5: 04:57:C9:22:5F:EA:BC:8D:8E:2A:A9:29:56:2D:5C:BF
SHA1: 91:A1:3E:58:31:63:1F:0B:CD:CE:DE:E2:FB:E0:F3:D5:83:CA:3A:CD
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
The .keystore file is in root
C:\.keystore
When the webapp comes up I click for protected access, which takes me to the CAS
login page, where I type the credentials test\test. On clicking login and
after successfully authenticating, it throws an error while redirecting to
https://a15036a1d.corp.ads.valuelabs.net:8443/mywebapp/protected/?ticket=ST-2-4ojPdQvWnosfQ1eDV5TP-cas01.example.org
as
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
root cause
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
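
Added example, not part of the original post and not CAS or Tomcat code: "PKIX path building failed" is raised when the JVM making the HTTPS call cannot chain the server certificate to an entry in its own trust store. This Java diagnostic, run with the same java executable that starts Tomcat, prints the trust store that JVM resolves by default and whether server.crt is in it. The class name TrustStoreCheck is an assumption; the file name server.crt and the password changeit are the ones used in the post.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

/** Hypothetical diagnostic: is a certificate present in this JVM's trust store? */
public class TrustStoreCheck {

    /** Resolve the trust store file in the order JSSE uses by default. */
    static File effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) {
            return new File(explicit);
        }
        File security = new File(System.getProperty("java.home"),
                "lib" + File.separator + "security");
        File jssecacerts = new File(security, "jssecacerts");
        return jssecacerts.isFile() ? jssecacerts : new File(security, "cacerts");
    }

    /** Return the alias under which the certificate is stored, or null if absent. */
    static String aliasOf(File storeFile, char[] password, File certFile) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(certFile)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType",
                KeyStore.getDefaultType());
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(storeFile)) {
            store.load(in, password);
        }
        return store.getCertificateAlias(cert);
    }

    public static void main(String[] args) throws Exception {
        // Certificate path defaults to the file name exported in the post.
        File certFile = new File(args.length > 0 ? args[0] : "server.crt");
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        File store = effectiveTrustStore();
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + store.getAbsolutePath());
        String alias = aliasOf(store, pw.toCharArray(), certFile);
        System.out.println(alias == null
                ? "absent: certificate is not in this trust store"
                : "present: certificate found under alias '" + alias + "'");
    }
}
```

Comparing the printed trust store path with the -keystore path given to keytool -import shows whether the certificate went into the store this JVM actually reads.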