Hi, We are working to setup CAS server version - 3.5.2 to work with our secure LDAP server. However, running into issues with the SSL handshake. We get exception:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I tried incorporating all troubleshooting stuff mentioned in following link: https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide, still running into the same issue. So, given below is the SSL trace obtained from my tomcat. Would somebody be able to help us out here and mention what is going wrong, and how to fix the same? Really appreciate your help here. Regards, Venkatesh SSL trace: ======== Is initial handshake: true Is secure renegotiation: false http-bio-8443-exec-5, setSoTimeout(3000) called %% No cached client session *** ClientHello, TLSv1 RandomCookie: GMT: 1428389663 bytes = { 107, 68, 168, 45, 221, 151, 251, 41, 43 , 169, 18, 242, 142, 0, 79, 93, 30, 204, 181, 254, 173, 49, 156, 242, 99, 224, 2 07, 2 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128 _CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS _ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WI TH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128 _SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WI TH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_E DE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_ DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INF O_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp19 2r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1 , sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, s ect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] *** http-bio-8443-exec-5, WRITE: TLSv1 Handshake, length = 149 http-bio-8443-exec-5, READ: TLSv1 Handshake, length = 5089 *** ServerHello, TLSv1 RandomCookie: GMT: 1428389663 bytes = { 249, 216, 159, 16, 62, 117, 92, 153, 37 , 122, 171, 186, 182, 204, 148, 71, 198, 113, 223, 0, 227, 187, 48, 1, 215, 161, 252, 189 } Session ID: {8, 56, 0, 0, 23, 230, 106, 155, 234, 191, 212, 35, 42, 164, 246, 7 2, 47, 146, 174, 115, 25, 64, 143, 7, 11, 54, 26, 6, 125, 239, 205, 71} Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** %% Initialized: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA] ** TLS_RSA_WITH_AES_128_CBC_SHA *** Certificate chain chain [0] = [ [ Version: V3 Subject: Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 1024 bits modulus: 123587049144444449866062873316371894902716725437121501991374083492415 21336397423864928961495010744530119809441226215782787448955326099692069963007787 00088167939390598502948672895684688614282870790423689814626939394613797008369843 21137000130555242549253625882064313063982563252949590488818446778990478859280853 public exponent: 65537 Validity: [From: Fri Sep 05 05:01:29 IST 2014, To: Sat Sep 05 05:01:29 IST 2015] Issuer: CN=HMAIssuingCA, DC=hma, DC=com SerialNumber: [ 18f3696d 00000066 714e] Certificate Extensions: 9 [1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 28 30 26 30 0A 06 08 2B 06 01 05 05 07 03 02 .(0&0...+....... 0010: 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0C 06 0A 0...+.......0... 0020: 2B 06 01 04 01 82 37 14 02 02 +.....7... [2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 2A 30 28 06 20 2B 06 01 04 01 82 37 15 08 87 .*0(. +.....7... 0010: B5 A4 60 83 E7 8D 54 84 ED 85 1B 83 FB D9 4C 85 ..`...T.......L. 0020: D8 91 7E 27 01 1C 02 01 6E 02 01 00 ...'....n... [3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: ldap:///CN=HMAIssuingCA,CN=AIA,CN=Public%20Key%20Ser vices,CN=Services,CN=Configuration,DC=hma,DC=com?cACertificate?base?objectClass= certificationAuthority , accessMethod: caIssuers accessLocation: URIName: http://pki.hma.com/CertEnroll/000TIER2CA01.hma.com_H MAIssuingCA.crt ] ] [4]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 0A 11 AC D4 3C 0D 15 9D F6 CE 86 BB 32 ED 38 2E ....<.......2.8. 0010: 93 CA F5 E2 .... ] ] [5]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: ldap:///CN=HMAIssuingCA,CN=000TIER2CA01,CN=CDP,CN=Public%20Key%20 Services,CN=Services,CN=Configuration,DC=hma,DC=com?certificateRevocationList?ba se?objectClass=cRLDistributionPoint, URIName: http://pki.hma.com/CertEnroll/HMAI ssuingCA.crl] ]] [6]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ clientAuth serverAuth 1.3.6.1.4.1.311.20.2.2 ] [7]: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignature Key_Encipherment ] [8]: ObjectId: 2.5.29.17 Criticality=true SubjectAlternativeName [ DNSName: 00aDC02.hma.com ] [9]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: C4 CC A6 1D D9 93 CA 64 35 68 EB 4C 93 A6 DB 0F .......d5h.L.... 0010: 47 02 13 57 G..W ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: AE 27 CF A8 DA B2 94 8A 3B 62 49 2E 6F B8 F6 96 .'......;bI.o... 0010: 2B 77 67 3A 16 CA 1D 95 84 C2 2A B3 FA 94 44 00 +wg:......*...D. 0020: D1 66 E3 EF 89 08 6A 71 7F 24 10 C8 18 4F A8 E8 .f....jq.$...O.. 0030: 34 C7 24 C4 CE 6D D1 D8 5E 94 28 14 76 11 38 81 4.$..m..^.(.v.8. 0040: 7B 82 2F C0 29 5A C1 4C 08 65 09 EC 33 2F 4B 84 ../.)Z.L.e..3/K. 0050: 2F 6A 84 63 73 35 E6 F3 32 C5 BD 43 E9 36 F1 A2 /j.cs5..2..C.6.. 0060: 9C 2A 0F DB 45 28 5E 99 69 D8 F9 94 2C 5A 72 76 .*..E(^.i...,Zrv 0070: 47 78 AA A3 92 B3 37 F1 65 A7 EC BF 0D 06 82 9E Gx....7.e....... 0080: A4 A4 2F 9C AD 39 95 5B B1 A3 3A DB B4 A9 D7 CA ../..9.[..:..... 0090: 94 6E F4 E5 8B 14 07 7D D8 77 F1 9A 33 18 DC F7 .n.......w..3... 00A0: E1 57 FF EB 89 12 3A BF 6C 9E E6 56 F0 9F 30 18 .W....:.l..V..0. 00B0: 76 2D E0 E2 9D 96 8B 23 C1 6F 82 EE BC C7 2C F8 v-.....#.o....,. 00C0: 62 8A 23 9F 74 4A 51 4E 83 0D 65 D3 BC EF D3 61 b.#.tJQN..e....a 00D0: 66 15 DD 19 08 92 01 18 61 EF 11 7D 5F 92 BC 83 f.......a..._... 00E0: 4F 2B A0 78 46 B9 71 6A 26 04 8E 69 9E E4 9E B7 O+.xF.qj&..i.... 00F0: 58 79 1E CA 3C A9 77 CA C7 8A 5B EA 05 BE E2 72 Xy..<.w...[....r ] chain [1] = [ [ Version: V3 Subject: CN=HMAIssuingCA, DC=hma, DC=com Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 252119053238242016428096556407677069930262456375977811240478656854140 22269270066845993050661647363969176941359559384849895482390283770784670290665316 68567149031446747822130256736169933543499767564842682928212982603592939565647469 14732367403895805800667905236178329987746862841039128052872776131492353155091365 79773720529093462224208784199511914884259298345528564535940988055868147460665404 00716000591208615176350207979540480355338345194959902532132868266372698950118274 63021424122193278074100425839211154803053898072437474040280296932847671882474501 98231706482551103961524356749651931903910820032892237106364421885541 public exponent: 65537 Validity: [From: Wed Oct 16 20:01:35 IST 2013, To: Mon Oct 16 20:11:35 IST 2023] Issuer: CN=HMAROOT-CA SerialNumber: [ 6134bc1e 00000000 0002] Certificate Extensions: 8 [1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 0C 1E 0A 00 53 00 75 00 62 00 43 00 41 .....S.u.b.C.A [2]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 03 02 01 00 ..... [3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: ldap:///CN=HMAROOT-CA,CN=AIA,CN=Public%20Key%20Servi ces,CN=Services,DC=UnavailableConfigDN?cACertificate?base?objectClass=certificat ionAuthority , accessMethod: caIssuers accessLocation: URIName: http://pki.hma.com/CertEnroll/000TIER1CA01_HMAROOT-C A.crt ] ] [4]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 59 86 B0 43 AF 92 63 14 09 60 B5 99 09 71 DB 2D Y..C..c..`...q.- 0010: 5D 3E A7 4E ]>.N ] ] [5]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [6]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: ldap:///CN=HMAROOT-CA,CN=000TIER1CA01,CN=CDP,CN=Public%20Key%20Se rvices,CN=Services,DC=UnavailableConfigDN?certificateRevocationList?base?objectC lass=cRLDistributionPoint, URIName: http://pki.hma.com/CertEnroll/HMAROOT-CA.crl ] ]] [7]: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] [8]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 0A 11 AC D4 3C 0D 15 9D F6 CE 86 BB 32 ED 38 2E ....<.......2.8. 0010: 93 CA F5 E2 .... ] ] ] Algorithm: [SHA1withRSA] Signature: 0000: 79 3C C0 D7 D6 B4 DD 9E 60 4C D0 90 C0 B3 DD D3 y<......`L...... 0010: F2 52 F1 82 6E 15 41 67 6F 92 E7 87 C6 6C 92 C9 .R..n.Ago....l.. 0020: 2F 80 A8 74 96 55 43 FB 3D 43 93 70 26 09 E3 25 /..t.UC.=C.p&..% 0030: 04 3E 8E 71 FD DD 6B CE 94 6A CD DE 69 7C 5B F8 .>.q..k..j..i.[. 0040: 4D 9F 7D 3A 37 7F 41 1D 7B 5C 8D 55 AB F8 49 E3 M..:7.A..\.U..I. 0050: 2F 07 A4 F5 05 5D FD 4E B5 B0 24 06 5B FB 3D 9C /....].N..$.[.=. 0060: 98 25 98 B8 95 4C 11 3D 0D 08 A1 A2 A8 8D 69 F7 .%...L.=......i. 0070: 9D AA 67 C1 51 E7 2D 00 54 3F F4 CE 8F 8D E2 D2 ..g.Q.-.T?...... 0080: 77 3C 77 0A 3D 8B 0B 54 FB 52 07 1A BF F0 89 A3 w<w.=..T.R...... 0090: 37 69 60 F9 6B 61 58 F9 41 89 CF 04 27 E4 4F 8F 7i`.kaX.A...'.O. 00A0: CA B0 E4 56 3C 15 21 9A 77 D9 1B 81 0C 2D D4 A1 ...V<.!.w....-.. 00B0: DD 37 8A EA E5 7D EE BD 6A 0C 52 A3 8F 94 CE 46 .7......j.R....F 00C0: 85 C4 71 20 44 BC D5 A0 17 73 96 E8 E2 C9 99 F7 ..q D....s...... 00D0: FC EF 00 A0 74 4B EB 53 6A 5A 3C FF C7 9B 07 48 ....tK.SjZ<....H 00E0: F7 3F 18 29 91 91 29 43 BB 0D A3 C9 4C 57 5C 9E .?.)..)C....LW\. 00F0: C7 FB FB 1A 3F 5B 5D 36 27 2B F7 8E 3A 0D 43 00 ....?[]6'+..:.C. ] *** %% Invalidated: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA] http-bio-8443-exec-5, SEND TLSv1 ALERT: fatal, description = certificate_unknow n http-bio-8443-exec-5, WRITE: TLSv1 Alert, length = 2 http-bio-8443-exec-5, called closeSocket() http-bio-8443-exec-5, handling exception: javax.net.ssl.SSLHandshakeException: s un.security.validator.ValidatorException: PKIX path building failed: sun.securit y.provider.certpath.SunCertPathBuilderException: unable to find valid certificat ion path to requested target 2015-04-07 12:24:24,647 ERROR [org.jasig.cas.authentication.AuthenticationManage rImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler threw error authenticating [username: corp.nurse]> org.springframework.ldap.CommunicationException: ldaps.hma.com:636; nested excep tion is javax.naming.CommunicationException: ldaps.hma.com:636 [Root exception i s javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderEx ception: unable to find valid certification path to requested target] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapU tils.java:100) at org.springframework.ldap.core.support.AbstractContextSource.createCon text(AbstractContextSource.java:266) at org.springframework.ldap.core.support.AbstractContextSource.getContex t(AbstractContextSource.java:106) at org.springframework.ldap.core.support.AbstractContextSource.getReadOn lyContext(AbstractContextSource.java:125) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:2 87) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:3 61) at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticat eUsernamePasswordInternal(BindLdapAuthenticationHandler.java:90) at org.jasig.cas.authentication.handler.support.AbstractUsernamePassword AuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHan dler.java:71) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProces singAuthenticationHandler.authenticate_aroundBody2(AbstractPreAndPostProcessingA uthenticationHandler.java:85) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProces singAuthenticationHandler.authenticate_aroundBody3$advice(AbstractPreAndPostProc essingAuthenticationHandler.java:57) at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProces singAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticatio nHandler.java:1) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAn dObtainPrincipal(AuthenticationManagerImpl.java:93) at org.jasig.cas.authentication.AbstractAuthenticationManager.authentica te_aroundBody0(AbstractAuthenticationManager.java:57) at org.jasig.cas.authentication.AbstractAuthenticationManager.authentica te_aroundBody1$advice(AbstractAuthenticationManager.java:57) at org.jasig.cas.authentication.AbstractAuthenticationManager.authentica te(AbstractAuthenticationManager.java:1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti on(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo inpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p roceed(MethodInvocationProceedingJoinPoint.java:80) at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.ja va:47) at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingA spect.java:53) at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspec t.java:45) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro undAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:161) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p roceed(MethodInvocationProceedingJoinPoint.java:80) at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail (AuditTrailManagementAspect.java:126) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro undAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:161) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invok e(ExposeInvocationInterceptor.java:90) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami cAopProxy.java:202) at com.sun.proxy.$Proxy25.authenticate(Unknown Source) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi cket_aroundBody10(CentralAuthenticationServiceImpl.java:477) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi cket_aroundBody11$advice(CentralAuthenticationServiceImpl.java:57) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi cket(CentralAuthenticationServiceImpl.java:1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti on(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo inpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p roceed(MethodInvocationProceedingJoinPoint.java:80) at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.ja va:47) at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingA spect.java:53) at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspec t.java:45) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro undAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:161) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p roceed(MethodInvocationProceedingJoinPoint.java:80) at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail (AuditTrailManagementAspect.java:126) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet hod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro undAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:161) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invok e(ExposeInvocationInterceptor.java:90) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed( ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami cAopProxy.java:202) at com.sun.proxy.$Proxy26.createTicketGrantingTicket(Unknown Source) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit_aroundBody2 (AuthenticationViaFormAction.java:109) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit_aroundBody3 $advice(AuthenticationViaFormAction.java:57) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(Authenticat ionViaFormAction.java:1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:830) at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1253) at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68) at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1329) at ognl.ASTMethod.getValueBody(ASTMethod.java:90) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.ASTChain.getValueBody(ASTChain.java:141) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.Ognl.getValue(Ognl.java:494) at org.springframework.binding.expression.ognl.OgnlExpression.getValue(O gnlExpression.java:85) at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateA ction.java:75) at org.springframework.webflow.action.AbstractAction.execute(AbstractAct ion.java:188) at org.springframework.webflow.execution.AnnotatedAction.execute(Annotat edAction.java:145) at org.springframework.webflow.execution.ActionExecutor.execute(ActionEx ecutor.java:51) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja va:101) at org.springframework.webflow.engine.State.enter(State.java:194) at org.springframework.webflow.engine.Transition.execute(Transition.java :227) at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo wExecutionImpl.java:393) at org.springframework.webflow.engine.impl.RequestControlContextImpl.exe cute(RequestControlContextImpl.java:214) at org.springframework.webflow.engine.TransitionableState.handleEvent(Tr ansitionableState.java:119) at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555) at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent (FlowExecutionImpl.java:388) at org.springframework.webflow.engine.impl.RequestControlContextImpl.han dleEvent(RequestControlContextImpl.java:210) at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.ja va:232) at org.springframework.webflow.engine.ViewState.resume(ViewState.java:19 6) at org.springframework.webflow.engine.Flow.resume(Flow.java:545) at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(Flow ExecutionImpl.java:261) at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution (FlowExecutorImpl.java:169) at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(Flo wHandlerAdapter.java:183) at org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch erServlet.java:923) at org.springframework.web.servlet.DispatcherServlet.doService(Dispatche rServlet.java:852) at org.springframework.web.servlet.FrameworkServlet.processRequest(Frame workServlet.java:882) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ let.java:789) at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(Safe DispatcherServlet.java:128) at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advi ce(SafeDispatcherServlet.java:57) at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherSe rvlet.java:1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.springframework.web.filter.CharacterEncodingFilter.doFilterIntern al(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR equestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D elegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat ingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(C lientInfoThreadLocalFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica torBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:99) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 936) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp 11Processor.java:1004) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process( AbstractProtocol.java:589) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin t.java:312) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor. java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:615) at java.lang.Thread.run(Thread.java:722) Caused by: javax.naming.CommunicationException: ldaps.hma.com:636 [Root exceptio n is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorExcept ion: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilde rException: unable to find valid certification path to requested target] at com.sun.jndi.ldap.Connection.<init>(Connection.java:224) at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1600) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211 ) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.ja va:154) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.jav a:84) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6 84) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307 ) at javax.naming.InitialContext.init(InitialContext.java:242) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:1 53) at org.springframework.ldap.core.support.LdapContextSource.getDirContext Instance(LdapContextSource.java:43) at org.springframework.ldap.core.support.AbstractContextSource.createCon text(AbstractContextSource.java:254) ... 154 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker. java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav a:153) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl. java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339 ) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323 ) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:379) at com.sun.jndi.ldap.Connection.<init>(Connection.java:201) ... 168 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav a:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j ava:326) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm pl.java:231) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan agerImpl.java:126) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker. java:1323) ... 177 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert PathBuilder.java:196) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ... 183 more -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
