I was thinkgs about it... you are right! I got it! Thanks you
Scott!!!! You help me a lot!
And congratulations!
On 9/1/06, Scott Battaglia <[EMAIL PROTECTED]> wrote:
> The only other thing I can recommend you check off the top of my head is
> that if you have multiple JREs installed, make sure you are adding the
> certificate to the correct one.
>
> -Scott
>
>
> On 9/1/06, Paulo Cheque <[EMAIL PROTECTED]> wrote:
> > Is there another possibilities of my problem? I am sending my code:
> >
> > <bean class="my.package.AaaAaaAuthenticationHandler" />
> >
> > public boolean authenticate(Credentials credentials) throws
> > AuthenticationException {
> > return true;
> > }
> >
> > public boolean supports(Credentials credentials) {
> > return true;
> > }
> >
> >
> > Thanks in advance =(
> >
> > On 9/1/06, Paulo Cheque <[EMAIL PROTECTED] > wrote:
> > > I've tried, but I got the same error =(
> > >
> > >
> > >
> > > edu.yale.its.tp.cas.client.CASAuthenticationException :
> > > Unable to validate ProxyTicketValidator
> > > [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > > proxyList=[null]
> > >
> > > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > asValidateUrl=[
> https://localhost:8443/cas/serviceValidate]
> > > ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
> > > service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
> > > renew=false]]]
> > >
> > > Caused by: javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException : PKIX
> > > path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException
> > > : unable to find valid certification path to requested target
> > >
> > > Caused by: sun.security.validator.ValidatorException :
> > > PKIX path building failed:
> > >
> > >
> > >
> sun.security.provider.certpath.SunCertPathBuilderException
> > > :unable to find valid certification path to requested target
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 8/31/06, Scott Battaglia <[EMAIL PROTECTED]> wrote:
> > > > You only need to import it once. The second one doesn't matter. Try
> using
> > > > CAS and the client now.
> > > >
> > > >
> > > > -Scott
> > > >
> > > > On 8/31/06, Paulo Cheque < [EMAIL PROTECTED]> wrote:
> > > > > I am still getting the same error =(
> > > > >
> > > > >
> > > >
> ______________________________________________________________
> > > > > Example:
> > > > > JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> -keystore
> > > > > JAVA_HOME/jre/lib/security/cacerts
> > > > >
> > > > > keytool -import -file server.crt -keypass changeit -keystore
> > > > > c:/Program\ Files\
> > > > \(x86\)/Java/jre1.5.0_06/lib/security/cacerts
> > > > >
> > > > > Obs: I understand "server.crt" like "%FILE_NAME%", am I right?
> > > > >
> > > >
> ______________________________________________________________
> > > > >
> > > > > I am going to tell you my actions:
> > > > >
> > > > > 1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
> > > > >
> > > > > Done
> > > > >
> > > > > 2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit
> -keyalg
> > > > RSA
> > > > >
> > > > > CN=localhost, OU=AAA, O=Aaaaaaa, L=Aaa Aaaaa, ST=Aaaaa, C=AA
> > > > >
> > > > > 3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
> > > > > -file %FILE_NAME%
> > > > >
> > > > > Certificate stored in file server.crt
> > > > >
> > > > > 4) JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> > > > -keystore 5)
> > > > > JAVA_HOME/jre/lib/security/cacerts
> > > > >
> > > > > Certificate was added to keystore
> > > > >
> > > > > 5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
> > > > > JAVA_HOME\jre\lib\security\cacerts
> > > > >
> > > > > keytool error: java.lang.Exception : Certificate not
> imported,
> > > > > alias <mykey> already exists.
> > > > >
> > > >
> ______________________________________________________________
> > > > >
> > > > >
> > > > > Thanks in advance
> > > > > Paulo
> > > > >
> > > >
> ______________________________________________________________
> > > > >
> > > > > On 8/31/06, Paulo Cheque < [EMAIL PROTECTED]> wrote:
> > > > > > I have problens in the last (5) command: keytool error:
> > > > > > java.lang.Exception: Certificate not imported, alias <mykey>
> already
> > > > > > exists.
> > > > > >
> > > > > > Obs: I understand " server.crt" like "%FILE_NAME%", am I right?
> > > > > >
> > > > > >
> > > > > > 1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
> > > > > >
> > > > > > 2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit
> -keyalg
> > > > RSA
> > > > > >
> > > > > > 3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
> > > > > > -file %FILE_NAME%
> > > > > >
> > > > > > 4)JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> > > > -keystore 5)
> > > > > > JAVA_HOME/jre/lib/security/cacerts
> > > > > >
> > > > > > 5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
> > > > > > JAVA_HOME\jre\lib\security\cacerts
> > > > > >
> > > > > > Obs: This link is equal to a pdf in the site.
> > > > > >
> > > > > > Thanks in advance again.
> > > > > > Paulo
> > > > > >
> > > > > > On 8/31/06, Scott Battaglia < [EMAIL PROTECTED]> wrote:
> > > > > > > This may assist you...
> > > > > > >
> > > >
> http://www.ja-sig.org/products/cas/server/ssl/index.html
> > > > > > >
> > > > > > >
> > > > > > > -Scott
> > > > > > >
> > > > > > > On 8/31/06, Paulo Cheque <[EMAIL PROTECTED] > wrote:
> > > > > > > > HMmmmm, I've created but I don't know if i add ir to the
> cacerts in
> > > > my
> > > > > > > > JVM, I will try it. And I will configure CN properly this
> time.
> > > > > > > >
> > > > > > > > Thanks you Scott, quick answer!
> > > > > > > >
> > > > > > > > On 8/31/06, Scott Battaglia < [EMAIL PROTECTED]>
> wrote:
> > > > > > > > > Paulo,
> > > > > > > > >
> > > > > > > > > A couple questions. Did you generate the certificate
> yourself? If
> > > > so,
> > > > > > > did
> > > > > > > > > you add it to the cacerts file in your JVM? Second, what
> did you
> > > > use as
> > > > > > > the
> > > > > > > > > CN name? It should be the name of your hostname ( i.e.
> > > > localhost).
> > > > > > > > >
> > > > > > > > > -Scott
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On 8/31/06, Paulo Cheque < [EMAIL PROTECTED]> wrote:
> > > > > > > > > >
> > > > > > > > > Hi, I am trying to start use CAS with Tomcat 5.5.x.
> > > > > > > > >
> > > > > > > > > - I create a AuthenticationHandler that implements
> > > > > > > > > AuthenticationHandler interface.
> > > > > > > > > - I have configured deployerConfigContext.xml to find my
> > > > implementation.
> > > > > > > > > - Make a war file and deploy it.
> > > > > > > > >
> > > > > > > > > When I put a valid login throw that exceptions above.
> > > > > > > > > I am thinking the reason is "Certificate for IP" because I
> am
> > > > working
> > > > > > > > > with localhost and certificated has problens with IP. Am I
> rigth?
> > > > > > > > >
> > > > > > > > > Is there any mode to test my CAS with localhost?
> > > > > > > > >
> > > > > > > > > Thanks in advance!
> > > > > > > > > Paulo
> > > > > > > > >
> > > > > > > > >
> > > > edu.yale.its.tp.cas.client.CASAuthenticationException
> :
> > > > > > > > > Unable to
> > > > > > > > > validate ProxyTicketValidator
> > > > > > > > >
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > > > > > > > > proxyList=[null]
> > > > > > > > >
> > > > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > > > > > > > casValidateUrl=[
> > > > > > > https://localhost:8443/cas/serviceValidate ]
> > > > > > > > >
> > > > ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
> > > > > > > > >
> > > > service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
> > > > > > > > > renew=false]]]
> > > > > > > > >
> > > > > > > > > Caused by:
> javax.net.ssl.SSLHandshakeException:
> > > > > > > > > sun.security.validator.ValidatorException:
> PKIX
> > > > path
> > > > > > > > > building failed:
> > > > > > > > >
> > > > > > >
> > > >
> sun.security.provider.certpath.SunCertPathBuilderException
> > > > > > > > > : unable to
> > > > > > > > > find valid certification path to requested target
> > > > > > > > >
> > > > > > > > > Caused by:
> > > > sun.security.validator.ValidatorException :
> > > > > > > PKIX
> > > > > > > > > path
> > > > > > > > > building failed:
> > > > > > > > >
> > > > > > >
> > > >
> sun.security.provider.certpath.SunCertPathBuilderException
> > > > > > > :
> > > > > > > > > unable to
> > > > > > > > > find valid certification path to requested target
> > > > > > > > >
> > > > > > > > > Caused by:
> > > > > > > > >
> > > > > > >
> > > >
> sun.security.provider.certpath.SunCertPathBuilderException:
> > > > > > > > > unable to find valid certification path to requested target
> > > > > > > > >
> _______________________________________________
> > > > > > > > > Yale CAS mailing list
> > > > > > > > > [email protected]
> > > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> _______________________________________________
> > > > > > > > > Yale CAS mailing list
> > > > > > > > > [email protected]
> > > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> _______________________________________________
> > > > > > > > Yale CAS mailing list
> > > > > > > > [email protected]
> > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > [email protected]
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > [email protected]
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > [email protected]
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > > >
> > >
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
