Hello Loai,

I agree with Christopher: you have to fix your client. Just get the root
Certificate Authority public key and import it into your client truststore.
If you did not change it, the client's (Java) default keystore is located
in $JAVA_HOME/jre/lib/security/cacerts. Something like:

 keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts \
   -storepass trust_store_password_here -alias Root -file the_downloaded_ca.crt

The default password for cacerts is changeit

Hope it helps,

Luis




On Sat, Sep 29, 2018 at 12:05, Loai Abdallatif (<
loai.abdalla...@gmail.com>) wrote:

> Thanks Chris, but how do I do it? Should I copy the SSL certificate from
> Webserver 192.168.1.120 to my Tomcat container (worker0) on 192.168.1.111
> in server.xml?
> Any idea, please?
>
> On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > Loai,
> >
> > On 9/27/18 10:50, Loai Abdallatif wrote:
> > > Hello,
> > >
> > > I have set up an Apache load balancer (ModJK) with server IP
> > > 192.168.1.120 (Webserver01.epsilon.test), which forwards the traffic
> > > to the Tomcat server 192.168.1.111 (appserver01.epsilon.test).
> > >
> > > Each Tomcat server has three workers (0, 1, 2).
> > >
> > > I deployed *Central Authentication Service* (CAS) on Worker0 and
> > > it is working with a warning related to the SSL certificate. I have
> > > another application on this worker0 called ServiceCatalog;
> > > unfortunately it didn't work and gave the error below:
> > >
> > >
> > > ERROR org.jasig.cas.client.util.CommonUtils -
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException:
> > > unable to find valid certification path to requested target
> > > javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException: PKIX path building failed:
> > > sun.security.provider.certpath.SunCertPathBuilderException:
> > > unable to find valid certification path to requested target
> >
> > As Guido says, your client (org.jasig.cas.client) does not trust the
> > server it's trying to connect to.
> >
> > Is the server in this case the one you set up above? It's not clear
> > exactly what you are trying to do.
> >
> > There is nothing you can change with Tomcat to fix this error... you
> > must configure your client to trust the server.
> >
> > -chris


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
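
A check to run before and after the keytool import described above, as an added example that is not part of the original thread: it prints the SHA-256 fingerprint of the CA file so it can be compared with the value obtained from the CA out of band, then reports whether that certificate is already in the truststore the JVM will use. The class name TrustStoreCheck and the argument order are assumptions made for this example; the file name and the default password are the ones from the message.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name). Usage:
//   java TrustStoreCheck the_downloaded_ca.crt [truststore] [storepass]
public class TrustStoreCheck {

    // SHA-256 fingerprint as colon-separated hex, the form keytool -list -v prints.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: TrustStoreCheck <ca.crt> [truststore] [storepass]");
            System.exit(2);
        }
        // -Djavax.net.ssl.trustStore overrides the default cacerts file.
        // (A lib/security/jssecacerts file, if present, also takes precedence; not handled here.)
        String defaultStore = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        String storePath = args.length > 1 ? args[1] : defaultStore;
        char[] storePass = (args.length > 2 ? args[2] : "changeit").toCharArray();

        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        ca.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject   : " + ca.getSubjectX500Principal());
        System.out.println("Is a CA   : " + (ca.getBasicConstraints() >= 0));
        System.out.println("SHA-256   : " + fingerprint(ca));

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, storePass);
        }
        String alias = ks.getCertificateAlias(ca); // null when the cert is not present
        System.out.println("Truststore: " + storePath);
        System.out.println(alias != null ? "Trusted under alias: " + alias : "NOT in this truststore");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it with the same JVM and the same -D options as the Tomcat worker that hosts the CAS client, since a different JAVA_HOME or a javax.net.ssl.trustStore setting means a different truststore file.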
