Hi, I found this link useful for SSL related issues: <http://nodsw.com/blog/leeland/2006/12/06-no-more-unable-find-valid-certification-path-requested-target>

On Wed, Nov 21, 2012 at 9:25 PM, Zhang, Jonathan <[email protected]> wrote:

> This means your Tomcat cannot find your certification.
>
> You can add a statement in your Tomcat configuration file.
>
> keystoreFile="//jre/lib/security/cacerts/mykeystore"
> keystorePass="my_passwd"
>
> In your case, “mykeystore” is the name of your key and “my_passwd” is the
> password for your key.
>
> -jz
>
> ------------------------------
> From: Kaushik Chowdhury [mailto:[email protected]]
> Sent: Wednesday, November 21, 2012 5:19 AM
> To: [email protected]
> Subject: [cas-user] CAS throws certification error while redirecting to service
>
> Hi,
>
> I deployed demo webapp using cas-client cas-client-core-3.2.1.jar in
> Tomcat ver 6 and also deployed cas.jar ver 4 in the same server. The server
> is enabled for SSL access as configured in tomcat settings.xml
>
> <Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
>
> I generated key and imported to keystore
>
> C:\Program Files\Java\jdk1.6.0_33\bin>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
> Enter keystore password:
> Re-enter new password:
> What is your first and last name?
>   [Unknown]: A15036A1D.corp.ads.valuelabs.net
> What is the name of your organizational unit?
>   [Unknown]: valuelabs
> What is the name of your organization?
>   [Unknown]: valuelabs
> What is the name of your City or Locality?
>   [Unknown]: hydp
> What is the name of your State or Province?
>   [Unknown]: ap
> What is the two-letter country code for this unit?
>   [Unknown]: in
> Is CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in correct?
>   [no]: yes
>
> C:\Program Files\Java\jdk1.6.0_33\bin>keytool -export -alias tomcat -keypass changeit -file server.crt
> Enter keystore password:
> Certificate stored in file <server.crt>
>
> C:\Program Files\Java\jdk1.6.0_33\bin>keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
> Enter keystore password:changeit
> Owner: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in
> Issuer: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in
> Serial number: 50ab4c3f
> Valid from: Tue Nov 20 14:54:15 GMT+05:30 2012 until: Mon Feb 18 14:54:15 GMT+05:30 2013
> Certificate fingerprints:
>          MD5: 04:57:C9:22:5F:EA:BC:8D:8E:2A:A9:29:56:2D:5C:BF
>          SHA1: 91:A1:3E:58:31:63:1F:0B:CD:CE:DE:E2:FB:E0:F3:D5:83:CA:3A:CD
>          Signature algorithm name: SHA1withRSA
>          Version: 3
> Trust this certificate? [no]: yes
> Certificate was added to keystore
>
> The .keystore file is in root
>
> C:\.keystore
>
> When the webapp comes up I click for protected access that takes me to cas
> login page wherein I type credentials as test\test. On clicking login and
> after successfully authenticating, it throws up error while redirecting to
>
> https://a15036a1d.corp.ads.valuelabs.net:8443/mywebapp/protected/?ticket=ST-2-4ojPdQvWnosfQ1eDV5TP-cas01.example.org
>
> as
>
> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
>     org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
>     org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
>     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
>
> root cause
>
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>     com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>     com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>     com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
>     com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>     com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
>     com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>     sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
>     org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
>     org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
>     org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
>     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Best Regards
Mordechai Tamam
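
Added example, not part of the thread or of CAS or Tomcat: a check of whether an exported certificate such as the `server.crt` above is present in the truststore that a given JVM really loads, since a machine can hold several `cacerts` files (JDK, bundled JRE, standalone JRE). The class name `TrustStoreCheck` is hypothetical, the password default `changeit` is the value used in the thread, and the program must be started with the same `java` binary and `-D` options that start Tomcat.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example, not from the thread. TrustStoreCheck is a hypothetical name.
public class TrustStoreCheck {

    // Truststore JSSE picks by default: -Djavax.net.ssl.trustStore if set,
    // else <java.home>/lib/security/jssecacerts, else <java.home>/lib/security/cacerts.
    static File effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return new File(explicit);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreCheck <exported-cert-file>");
            System.exit(2);
        }
        File store = effectiveTrustStore();
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("truststore = " + store.getAbsolutePath());

        // keytool -export writes DER by default; CertificateFactory reads DER or PEM.
        InputStream certIn = new FileInputStream(args[0]);
        X509Certificate cert;
        try {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certIn);
        } finally { certIn.close(); }

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream storeIn = new FileInputStream(store);
        try { ks.load(storeIn, pass.toCharArray()); } finally { storeIn.close(); }

        System.out.println("subject    = " + cert.getSubjectX500Principal().getName());
        System.out.println("not after  = " + cert.getNotAfter());
        String alias = ks.getCertificateAlias(cert); // null when no entry matches
        if (alias == null) {
            System.out.println("NOT TRUSTED: certificate is absent from this truststore");
            System.exit(1);
        }
        System.out.println("trusted under alias '" + alias + "'");
    }
}
```

A "NOT TRUSTED" result together with a `truststore` path that differs from the file given to `keytool -import -keystore` means the import went into a store this JVM never reads.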
