thanks very much , I did it and it works On Mon, Oct 1, 2018 at 6:07 PM Luis Rodríguez Fernández <uo67...@gmail.com> wrote:
> Hello Loai, > > Agree with Christopher, you have to fix your client. Just get the root > Certificate Authority public key and import it in your client truststore. > If you did not change it the client (java) the default keystore is located > in $JAVA_HOME/jre/lib/security/cacerts. Something like: > > keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass > trust_store_password_here -alias Root -import -file the_downloaded_ca.crt > > The default password for cacerts is changeit > > Hopeit helps, > > Luis > > > > > El sáb., 29 sept. 2018 a las 12:05, Loai Abdallatif (< > loai.abdalla...@gmail.com>) escribió: > > > Thanks Chris, but how to do it, should I copy the ssl certificate from > > Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111 > > in server.xml . > > any idea please > > > > On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA256 > > > > > > Loai, > > > > > > On 9/27/18 10:50, Loai Abdallatif wrote: > > > > Hello, > > > > > > > > I have Set Apache Load Balancer ( ModJK) with Server IP > > > > 192.168.1.120 (Webserver01.epsilon.test) which forward the traffic > > > > to tomcat server .(192.168.1.111 (appserver01.epsilon.test) > > > > > > > > each tomcat server has three workers ( 0,1,2) > > > > > > > > I deployed *Central Authentication Service* (CAS) on Worker0 and > > > > its is working with warning related to ssl Certificate, I have > > > > another Application on this worker0 called ServiceCatalog > > > > unfortunatly it didnt work and gave error as below > > > > > > > > > > > > ERROR org.jasig.cas.client.util.CommonUtils - > > > > sun.security.validator.ValidatorException: PKIX path building > > > > failed > > > > : sun.security.provider.certpath.SunCertPathBuilderException: > > > > unable to find valid certification path to requested > > > > target javax.net.ssl.SSLHandshakeException: > > > > sun.security.validator.ValidatorException: PKIX path building > > > > failed: sun.sec > > > > urity.provider.certpath.SunCertPathBuilderException: unable to > > > > find valid certification path to requested target > > > > > > As Guido says, your client (org.jasig.cas.client) does not trust the > > > server it's trying to connect to. > > > > > > Is the server in this case the one you set up above? It's not clear > > > exactly what you are trying to do. > > > > > > There is nothing you can change with Tomcat to fix this error... you > > > must configure your client to trust the server. > > > > > > - -chris > > > -----BEGIN PGP SIGNATURE----- > > > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > > > > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluurMsACgkQHPApP6U8 > > > pFiGARAAk5GnoU7+3tk16yh+cCme1mzPZiEUf0y1uE8CK74zaNB4OXbeF6iuNOEm > > > 9OP5MV6zyQC/NxI+DSlUzN32ZUEDLKSw7OUcMmhBfrZs690NEChHTJV9p/EpC7NS > > > 8LwMU/r3MFrvpkaLuPQsq+DbzbNRefh6+eOEhGTT3WtwW6SYtXxNUbBz4WmCSTrz > > > LHPYGTpUT19CX2BE5sNQeV5F4/ul3fLSMuVp4RryVo4BLQKBwh/rexb1fUbsdxyn > > > /v3HyCgreuhFV7DVMF+BuA46sccOm6kScMf7r9LrDioMswZvn79dFGgo9qMDgCWE > > > 37j7Dnv72GdtlkkNAkP9sKm413B4LzAhuL56bAyK+3SRRKuiqDPgq+4tcEOsIb4u > > > j6j3ZtJbpoojibAuNZWcvR3kjEPfCDUnRa6JSKXu1Y7Bekr3kLYbiGtOVWXi0ozs > > > 9zzq8D7lqSDD7b0UhuZ22yuR0OBZMlxn0/ELH0GNikyLuwAd3UrrcNXfL7kpl5P9 > > > BFSEnpZ8uD7bhXrkVCBdM+ktXrCYS8StEIFNwXe5WeUbLdXoCDNKvlKgZKq2/IkD > > > /Zjh44ecYr8TNdfvyNJxL2YGTUZcfwyZETrMX/1ont7VfFU/xHuh1DE6R60vAtfB > > > 8nEsqNc+FFocsKlEwQbVyt0XP54DPfPGzXX544NLfbaIr2/2JOk= > > > =Bjfw > > > -----END PGP SIGNATURE----- > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > > > -- > > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." > > - Samuel Beckett >