Does CAS work with SAN certs for proxy authentication? Our Exchange OWA servers use a SAN cert which has been imported into cacerts and the tomcat keystore. We are still getting:
<Attempting to resolve credentials for [callbackUrl: https://exchangeserver.cortland.edu/coa?proxyResponse=true]> 2013-06-27 13:54:07,985 ERROR [org.jasig.cas.util.HttpClient] - <sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target All of the hostnames in the SAN cert are correct and the hostnames (fqdn) in the log reference the ones in the cert. We have also imported the cas cert into the owa server. These are Entrust certs do I need to import the entire chain? _________________________________ Joshua Peluso 00' [email protected]<mailto:[email protected]> Director Systems Administration and Web Services SUNY Cortland Phone: 607-753-5617 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
