Hello everyone, I am being running CAS 3.4.10 with no problem, until I change the SSL Cert SHA-2. I just installed SSL Certificate SHA-2 from GoDaddy successfully. The Apache Tomcat 7.0 runs perfectly with the new SHA-2 certificate. However, the Ticket Services did not work! Is there any incompatibly with SHA-2 certificate. I had to go back to SHA-1 SSL Cert to get it work. See the error bellow and please advise.
Error 500--Internal Server Error java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:203) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) at com.sghe.sso.client.web.filter.SSOValidationFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) at weblogic.work.ExecuteThread.run(ExecuteThread.java:178) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:951) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:466) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1092) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1064) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452) at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:68) at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732) at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:66) at weblogic.socket.JSSEFilterImpl.wrap(JSSEFilterImpl.java:475) at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:133) at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59) at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:391) at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:78) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at java.io.FilterOutputStream.flush(FilterOutputStream.java:123) at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:162) at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:256) at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:186) ... 19 more Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1462) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:200) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:469) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:888) at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:231) at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:111) ... 28 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:325) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:219) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at weblogic.security.SSL.jsseadapter.JaTrustManager.checkServerTrusted(JaTrustManager.java:113) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1066) ... 35 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:320) ... 41 more Thank you, Alex Adao -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
