Thank you Guido appreciate your assistance , and if possible send me any tutorial related to my case ( apache server different than Tomcat , CAS app need SSL )
On Fri, Sep 28, 2018 at 11:40 AM Jäkel, Guido <g.jae...@dnb.de> wrote: > Dear Loai, > > Your client can't very (don't trust) the certificate (chain) of the > target. Either target's certificate is not an "official" one (e.g. self > signed) or your clients JVM certificate trust chain is not up to date. > > I you like I may send you a small java commandline tool to check the > verification chain and/or add exceptions to the local trust store in case > of self-signed certificates. > > Guido > > > >-----Original Message----- > >From: Loai Abdallatif [mailto:loai.abdalla...@gmail.com] > >Sent: Thursday, September 27, 2018 4:52 PM > >To: Tomcat Users List <users@tomcat.apache.org> > >Subject: Re: SSL on Tomcat > > > >hello, shall I add the certificate to server.xml on tomcat server or just > on Webserver > > > > > >On Thu, Sep 27, 2018 at 5:50 PM, Loai Abdallatif < > loai.abdalla...@gmail.com <mailto:loai.abdalla...@gmail.com> > wrote: > > > > > > Hello, > > > > I have Set Apache Load Balancer ( ModJK) with Server IP > 192.168.1.120 (Webserver01.epsilon.test) which forward the > >traffic to tomcat server .(192.168.1.111 (appserver01.epsilon.test) > > > > > > each tomcat server has three workers ( 0,1,2) > > > > I deployed Central Authentication Service (CAS) on Worker0 and > its is working with warning related to ssl > >Certificate, I have another Application on this worker0 called > ServiceCatalog unfortunatly it didnt work and gave error as below > > > > > > > > > > > > > > > > > > ERROR org.jasig.cas.client.util.CommonUtils - > sun.security.validator.ValidatorException: PKIX path building failed > >: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested > >target > > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.sec > >urity.provider.certpath.SunCertPathBuilderException: unable to find valid > certification path to requested target > > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > > at > sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964) > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) > > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) > > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > > at > sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) > > at > sun.security.ssl.Handshaker.process_record(Handshaker.java:987) > > at > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) > > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) > > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) > > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) > > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) > > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnectio > >n.java:185) > > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) > > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) > > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263) > > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429) > > at > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(A > >bstractCasProtocolUrlBasedTicketValidator.java:41) > > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidato > >r.java:193) > > at > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthentica > >tionProvider.java:157) > > at > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticatio > >nProvider.java:142) > > > > > > > >