Yawn, set truststoreFile="/path/to/keystore/file" on the <Connector /> element.
In most cases, the truststore and keystore are different authorities, so there is no good reason for Tomcat to default them to being the same. "David Avenante" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi, I' m use CAS for SSO solution. I' ve create a certifiacte for my tomcat and deployed my two applications (CAS server AND client) on the same Tomcat with certificate. When i go to my client application i' m redirecte (in https mode) to the CAS server login page with aknowledge of my certificate in the browser. So all seem OK but after authentification, the CAS protocol callback me to my client who (my client) query the cas server for validation. And this call Fail with : Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ... Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target So after many time on the net the probleme seems to be identified as : "for some reason the web server keystore does not trust the HTTPS certificate presented by the CAS server" But my client and my server are on the same tomcat !!!! Thank you for any help ;) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
