Hi Scott, thanks for your reply. I solved the problem by going ahead and
putting -Djavax.net.ssl.keyStore and .trustStore into the JVM path, and
adding in what I needed, even though Tomcat doesn't handle the SSL
connection. I had added the cert files httpd was using into the cacerts
file, but it took adding the parameters to make it finally work.

Thanks again

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Scott Battaglia
Sent: Monday, December 11, 2006 2:32 PM
To: Yale CAS mailing list
Subject: Re: CAS, certs, HTTPD, and Tomcat

Perry,

Is it a self-signed certificate?  If so, it would need to be added to the
JVM's cacerts file.  Is this error on the CAS server side or the CAS client
side?

Thanks
-Scott

On 12/9/06, Perry Minchew <[EMAIL PROTECTED]> wrote:

Hi all,

Hoping someone can help me out with this problem. I successfully got CAS up
and running in my development environment, and now I'm trying to push it
forward into production. However, I'm having a new cert problem, and I'm not
quite sure what to do. In my development environment, I only have a Tomcat
instance, and Tomcat handles the SSL connection. However, in production, we
have an HTTPD server in front of two Tomcat instances. Our HTTPD server
manages and negotiates the SSL connection with the outside world. It then
connects to the two Tomcat servers over a non-SSL connection.

To set up CAS, the login and service URLs require https addresses. Now, I've
got everything set up as I would have thought it needs to be, but I'm
getting the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

According to the JA-SIG documentation, this is probably caused by the SSL
callback being specified in terms of an IP address rather than a host name.
Well, in all of my config files for CAS (web.xmls included) I am specifying
the host name of my server (e.g. no IPs in my config) for serviceUrl,
loginUrl, and serverName.

Could this have anything to do with Tomcat not actually dealing with the SSL
itself? We have no SSL connections set up on either Tomcat server, only in
the httpd connection. (We do have mod_ssl installed on httpd, and a
successful connection between httpd and Tomcat.) How does the cert issue come
into play when Tomcat does not manage the SSL connection, while httpd does?
Any help available?

Perry Minchew
Systems Integrator
SPAWAR Systems Charleston
Office : (843) 218.7031
Cell : (843) 822.1555


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
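Editor's added example (not code from this thread, from CAS or from Tomcat): the PKIX error Perry quotes is produced by a JVM acting as an HTTPS client of httpd. That is what happens when a CAS client validates a ticket against the CAS server's https URL, or when the CAS server calls a proxy callback URL, so the JVM that makes that outbound call needs httpd's certificate (or the CA that issued it) in its trust store even though Tomcat never terminates SSL itself. It is not the IP-versus-hostname condition the JA-SIG documentation mentions; Java reports that as a hostname verification failure, not as a PKIX path building failure. The Go program below reproduces both conditions offline against a self-signed HTTPS front end created with httptest (standard library only, which is why it is in Go rather than Java): the CertPool handed to the client plays the part of cacerts or of the file named by -Djavax.net.ssl.trustStore, AddCert plays the part of keytool -import, and a pinned dialer steers a request addressed to cas.example.org (an assumed name the certificate does not carry) at the same listener. The serviceValidate path, the ST-1 ticket, app.example.com and the response body are constructed for the example.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
)

// Outcome classifies the outbound HTTPS call; the comments give Java's wording for the same condition.
type Outcome string

const (
	OutcomeOK               Outcome = "ok"
	OutcomeUnknownCA        Outcome = "unknown-ca"        // Java: PKIX path building failed
	OutcomeHostnameMismatch Outcome = "hostname-mismatch" // Java: hostname verification failure
	OutcomeOther            Outcome = "other"
)

// Constructed stand-ins for the CAS validate URL and its success response; not real CAS output.
const validatePath = "/cas/serviceValidate?ticket=ST-1&service=https%3A%2F%2Fapp.example.com%2F"
const validateBody = "<cas:serviceResponse><cas:authenticationSuccess><cas:user>perry</cas:user></cas:authenticationSuccess></cas:serviceResponse>"

// newFrontEnd plays httpd+mod_ssl in front of Tomcat: httptest serves HTTPS with its own
// self-signed certificate (SANs example.com, 127.0.0.1, ::1), which no stock trust store knows.
func newFrontEnd() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, validateBody)
	}))
}

// validateTicket is the HTTPS call a CAS client (or the CAS server doing a proxy callback) makes.
// roots is the trust store (cacerts, or the file -Djavax.net.ssl.trustStore names); a non-nil dial
// replaces name resolution so any hostname can be steered at the local listener without DNS.
func validateTicket(validateURL string, roots *x509.CertPool, dial func(ctx context.Context, network, addr string) (net.Conn, error)) (Outcome, string) {
	transport := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}, DialContext: dial}
	defer transport.CloseIdleConnections()
	resp, err := (&http.Client{Transport: transport}).Get(validateURL)
	if err != nil {
		if errors.As(err, new(x509.UnknownAuthorityError)) { // no root in the store signed the chain
			return OutcomeUnknownCA, err.Error()
		}
		if errors.As(err, new(x509.HostnameError)) { // chain fine, but cert not issued for this host
			return OutcomeHostnameMismatch, err.Error()
		}
		return OutcomeOther, err.Error()
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return OutcomeOK, string(body)
}

// importedTrust is a trust store holding httpd's certificate: what keytool -import produces.
func importedTrust(srv *httptest.Server) *x509.CertPool {
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	return roots
}

// ScenarioDefaultTrust: the stock trust store, certificate never imported (the first failed attempt).
func ScenarioDefaultTrust() (Outcome, string) {
	srv := newFrontEnd()
	defer srv.Close()
	roots, err := x509.SystemCertPool() // system roots; an empty pool if they cannot be read
	if err != nil {
		roots = x509.NewCertPool()
	}
	return validateTicket(srv.URL+validatePath, roots, nil)
}

// ScenarioImportedCert: the JVM pointed at a trust store that holds httpd's certificate.
func ScenarioImportedCert() (Outcome, string) {
	srv := newFrontEnd()
	defer srv.Close()
	return validateTicket(srv.URL+validatePath, importedTrust(srv), nil)
}

// ScenarioHostnameMismatch: trust is fine, but the URL names a host the certificate was not issued for.
func ScenarioHostnameMismatch() (Outcome, string) {
	srv := newFrontEnd()
	defer srv.Close()
	listener := srv.Listener.Addr().String()
	pinned := func(ctx context.Context, network, _ string) (net.Conn, error) {
		var d net.Dialer
		return d.DialContext(ctx, network, listener) // cas.example.org (assumed name) -> local listener
	}
	return validateTicket("https://cas.example.org"+validatePath, importedTrust(srv), pinned)
}

func main() {
	for _, run := range []func() (Outcome, string){ScenarioDefaultTrust, ScenarioImportedCert, ScenarioHostnameMismatch} {
		fmt.Println(run())
	}
}
```

Run it with go run: the first scenario fails with an unknown-authority error, the second succeeds, and the third fails on the hostname even though the certificate is trusted. The Java equivalents are the two things Scott and Perry describe: keytool -import -trustcacerts -alias httpd -file httpd.crt -keystore <jre>/lib/security/cacerts (default store password changeit) adds httpd's certificate to the JVM's default store, and -Djavax.net.ssl.trustStore=/path/to/store.jks plus -Djavax.net.ssl.trustStorePassword on the Tomcat JVM's command line points it at a different store instead. Two caveats a practitioner will want: the trustStore property replaces cacerts rather than adding to it, so the named store must also hold every public root that JVM needs; and javax.net.ssl.keyStore supplies the JVM's own certificate and private key, which plays no part in trusting httpd's certificate on an outbound connection.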



 
