This means your Tomcat cannot find your certification. You can add a statement in your Tomcat configuration file.

keystoreFile="//jre/lib/security/cacerts/mykeystore" keystorePass="my_passwd"

In your case, "mykeystore" is the name of your key and "my_passwd" is the password for your key.

-jz

________________________________
From: Kaushik Chowdhury [mailto:[email protected]]
Sent: Wednesday, November 21, 2012 5:19 AM
To: [email protected]
Subject: [cas-user] CAS throws certification error while redirecting to service

Hi,

I deployed the demo webapp using cas-client cas-client-core-3.2.1.jar in Tomcat ver 6 and also deployed cas.jar ver 4 on the same server. The server is enabled for SSL access as configured in tomcat settings.xml

<Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

I generated a key and imported it to the keystore

C:\Program Files\Java\jdk1.6.0_33\bin>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  A15036A1D.corp.ads.valuelabs.net
What is the name of your organizational unit?
  [Unknown]:  valuelabs
What is the name of your organization?
  [Unknown]:  valuelabs
What is the name of your City or Locality?
  [Unknown]:  hydp
What is the name of your State or Province?
  [Unknown]:  ap
What is the two-letter country code for this unit?
  [Unknown]:  in
Is CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in correct?
  [no]:  yes

C:\Program Files\Java\jdk1.6.0_33\bin>keytool -export -alias tomcat -keypass changeit -file server.crt
Enter keystore password:
Certificate stored in file <server.crt>

C:\Program Files\Java\jdk1.6.0_33\bin>keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
Enter keystore password:changeit
Owner: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in
Issuer: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in
Serial number: 50ab4c3f
Valid from: Tue Nov 20 14:54:15 GMT+05:30 2012 until: Mon Feb 18 14:54:15 GMT+05:30 2013
Certificate fingerprints:
         MD5:  04:57:C9:22:5F:EA:BC:8D:8E:2A:A9:29:56:2D:5C:BF
         SHA1: 91:A1:3E:58:31:63:1F:0B:CD:CE:DE:E2:FB:E0:F3:D5:83:CA:3A:CD
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

The .keystore file is in root C:\.keystore

When the webapp comes up, I click for protected access, which takes me to the CAS login page, where I type the credentials test\test.

On clicking login and after successfully authenticating, it throws an error while redirecting to https://a15036a1d.corp.ads.valuelabs.net:8443/mywebapp/protected/?ticket=ST-2-4ojPdQvWnosfQ1eDV5TP-cas01.example.org as

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
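
Added example, not part of the thread or of the CAS project's code: the "PKIX path building failed" error above is raised by the JVM that runs the CAS client when the server certificate does not chain to anything in that JVM's trust store, so this check reports which trust store file a JVM uses by default and whether a given certificate is in it. The class name `TrustStoreCheck`, the optional certificate-file argument and the fallback password `changeit` are assumptions made for the example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Added example; the class name and the optional file argument are illustrative.
public class TrustStoreCheck {
    // JSSE default lookup: -Djavax.net.ssl.trustStore, else
    // <java.home>/lib/security/jssecacerts, else <java.home>/lib/security/cacerts.
    static File defaultTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(new File(System.getProperty("java.home"), "lib"), "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    // SHA-1 fingerprint in the colon-separated form keytool prints.
    static String sha1(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(cert.getEncoded())) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        File store = defaultTrustStore();
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) { ks.load(in, pw.toCharArray()); }
        System.out.println("trust store : " + store + " (" + ks.size() + " entries)");
        X509Certificate cert;
        if (args.length > 0) {   // certificate file to look for, e.g. an exported server.crt
            try (InputStream in = new FileInputStream(args[0])) {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        } else {                 // no file given: self-check against the store's first entry
            cert = (X509Certificate) ks.getCertificate(Collections.list(ks.aliases()).get(0));
        }
        String alias = ks.getCertificateAlias(cert);   // null when the certificate is absent
        System.out.println("certificate : " + cert.getSubjectX500Principal().getName()
                + "  SHA1 " + sha1(cert));
        System.out.println(alias != null ? "trusted, alias=" + alias : "NOT in this trust store");
    }
}
```

Run it with the same `java` binary and the same `-D` options that start Tomcat, because a certificate imported into another installation's `cacerts` is not seen by that JVM.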
