Hello all,

I am evaluating CAS and I have done the following steps:

1) Generate a certificate as it says on the web

/usr/java/jre/bin/keytool -delete -alias tomcat -keypass changeit

/usr/java/jre/bin/keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

/usr/java/jre/bin/keytool -export -alias tomcat -keypass changeit -file /export/home/domenech/tomcat.crt

/usr/java/jre/bin/keytool -import -file /export/home/domenech/tomcat.crt -keypass changeit -keystore /usr/java/jre/lib/security/cacerts

/usr/java/jre/bin/keytool -import -file /export/home/domenech/tomcat.crt -keystore /usr/java/jre/bin/lib/security\cacerts


2) I have modified the server.xml

<Connector port="8443" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS"
              keystoreFile= "/export/home/domenech/.keystore"
              keyAlias="tomcat"
              keystorePass="changeit"/>

3) I configure my web.xml

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">
   <session-config>
       <session-timeout>
           30
       </session-timeout>
   </session-config>
   <welcome-file-list>
   <welcome-file>
           index.jsp
       </welcome-file>
   </welcome-file-list>
   <filter>
   <filter-name>CAS Filter</filter-name>
   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
   <init-param>
     <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
     <param-value>https://localhost:8443/cas/login</param-value>
   </init-param>
   <init-param>
     <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
     <param-value>https://localhost:8443/cas/proxyValidate</param-value>
   </init-param>
   <init-param>
     <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
     <param-value>localhost:9596</param-value>
   </init-param>
 </filter>

 <filter-mapping>
   <filter-name>CAS Filter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>
</web-app>

4) I run Tomcat and I access the CAS page over https


5) When I start a session I get the following error

javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

causa raíz

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)


Can anyone help me?

Thank you
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
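
Added example, not part of the original post: the PKIX error above means the JVM making the HTTPS call to the validateUrl found no trust anchor for the server certificate. This Java check reports whether any certificate in the server keystore's chain for an alias is present in the trust store that the running JVM uses by default; the class name TrustCheck and its command-line arguments are assumptions made for this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;

// Added example (not from the original post). Usage:
//   java TrustCheck <server-keystore> <keystore-password> [alias]
public class TrustCheck {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass); // a null password loads without the integrity check
        }
        return ks;
    }

    // Trust store JSSE picks by default: system property, then jssecacerts, then cacerts.
    static String defaultTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return prop;
        String dir = System.getProperty("java.home") + "/lib/security/";
        return new File(dir + "jssecacerts").exists() ? dir + "jssecacerts" : dir + "cacerts";
    }

    static String sha256(Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String alias = args.length > 2 ? args[2] : "tomcat";
        String trustPath = defaultTrustStore();
        String tp = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore trust = load(trustPath, tp == null ? null : tp.toCharArray());
        Certificate[] chain = load(args[0], args[1].toCharArray()).getCertificateChain(alias);
        if (chain == null) { System.err.println("no key entry for alias " + alias); System.exit(2); }
        boolean trusted = false;
        for (Certificate c : chain) {
            String hit = trust.getCertificateAlias(c); // null when the cert is not in the store
            System.out.println(sha256(c) + " -> " + (hit == null ? "NOT in " : "alias " + hit + " in ") + trustPath);
            trusted |= hit != null;
        }
        System.exit(trusted ? 0 : 1);
    }
}
```

Run it with the same java binary that starts Tomcat, passing the keystoreFile and keystorePass values from server.xml; exit status 1 means no certificate in the chain is in the trust store that JVM actually reads.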