Take a look at:
http://www.ja-sig.org/products/cas/server/ssl/index.html

It looks like your client application's JVM doesn't trust your CAS 
server's certificate and it needs to be added to the JVM's cacerts file.

-Scott

Noel Sebastien (BIL) wrote:
> I am newbie to CAS. I am using CAS 3 on Tomcat 5 under Eclipse
> (MyEclipse) with Java sdk 1.4.2_02.
> It works fine until I type the password to the CAS login page, then it
> redirect to the service caller (https:...) and display the following
> error :
>
> javax.servlet.ServletException:
> sun.security.validator.ValidatorException: No trusted certificate found
>       
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
> er.java:254)
>       
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
> root cause 
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
>       com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>       com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>       
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
>       sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
>       
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Da
> shoA6275)
>       
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnec
> tion.java:617)
>       
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6
> 275)
>       edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
>       
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicket
> Validator.java:212)
>       
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
> er.java:219)
>       
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
> note The full stack trace of the root cause is available in the Apache
> Tomcat/5.0.28 logs.
>
>
> Searching the archive I am reviving an old thread ending having the SAME
> explanation but with no solution
> (http://tp.its.yale.edu/pipermail/cas/2005-May/001241.html ) besides
> this thread says a possible way is to look at the link
> http://jasigch.princeton.edu:9000/display/CAS/Solving+SSL+issues 
> But this is a broken link.. Has anyone the solution please ?
> I am not sure to understand what is wrong. SSL in the web browser ? SSL
> certificate in Tomcat ? Other ?
>
> Thank you in advance,
>
>
> ---------------------
> An electronic message is not binding on its sender.
> Any message referring to a binding engagement must be confirmed in writing 
> and duly signed.
> ---------------------
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>   
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to