Management app does not trust CAS


bobbintb

Apr 14, 2017, 1:39:10 PM
to CAS Community
I got CAS 5 and the management webapp deployed, but when I try to log into the management webapp it fails. I get redirected to CAS and log in, and then my browser gives me an "ERR_TOO_MANY_REDIRECTS". Catalina.out gives me this error:


ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/callback] due to exception [javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found]>

I don't really know much about certificates. I quickly set up a self-signed one to get CAS working, following a guide. I used this command to do so:

keytool -genkey -alias tomcat -keyalg RSA -keystore CASkeystore

and then edited Tomcat's server.xml file with this:

   <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keyAlias="tomcat" keystoreFile="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64/jre/lib/security/CASkeystore"
               keystorePass="******************" />

That got CAS working but I don't know enough about certs to know what I need to do to get the management app to trust CAS. Any advice is appreciated.

Michael McDermott

Apr 17, 2017, 11:12:42 AM
to CAS Community
I had a very similar issue. I got part-way around it by generating a new certificate with a CN of localhost (cf. http://java.globinch.com/enterprise-java/security/fix-java-security-certificate-exception-no-matching-localhost-found/#Certificate-CN-Name). I say part-way because I now get a "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" exception.

bobbintb

Apr 17, 2017, 11:52:54 AM
to CAS Community
I tried what you did and I get the same error. Let me know if you get past it and I'll do the same.

bobbintb

Apr 17, 2017, 12:31:58 PM
to CAS Community
I got past that error by exporting the cert and importing it into my main Java keystore:

http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u


On Monday, April 17, 2017 at 9:12:42 AM UTC-6, Michael McDermott wrote:

bobbintb

Apr 17, 2017, 12:47:59 PM
to CAS Community
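
The two fixes reported in this thread (a certificate whose name matches the host in the CAS URL, then importing that certificate into the Java truststore), written out as keytool steps. This is an added example, not part of any post above; the alias cas-server, the file names, passwords and host names are placeholders.

```bash
#!/usr/bin/env bash
# Added example. Aliases, file names, passwords and host names are placeholders.
set -eu

# Turn the names clients use in the CAS URL into a keytool SAN value, e.g.
#   san_ext localhost 127.0.0.1  ->  DNS:localhost,IP:127.0.0.1
# Digits-and-dots arguments are treated as IPv4 addresses, everything else as DNS.
san_ext() {
  local out="" n
  for n in "$@"; do
    case "$n" in
      *[!0-9.]*) out="${out:+$out,}DNS:$n" ;;
      *)         out="${out:+$out,}IP:$n" ;;
    esac
  done
  printf '%s\n' "$out"
}

# Step 1: server key pair plus self-signed certificate whose CN and SAN match
# the host in the URL. A mismatch is what raises "No name matching ... found".
# Args: keystore storepass host [more-names...]
make_server_keystore() {
  local ks="$1" pass="$2" host="$3"
  shift 2
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$host" -ext "SAN=$(san_ext "$@")" \
    -keystore "$ks" -storepass "$pass" -keypass "$pass"
}

# Step 2: export only the public certificate, then import it as a trusted
# entry into the truststore of the JVM that runs the management webapp.
# Without this the client fails with "PKIX path building failed".
# Args: server-keystore storepass truststore truststore-pass
trust_server_cert() {
  local crt
  crt=$(mktemp)
  keytool -exportcert -rfc -alias tomcat -keystore "$1" -storepass "$2" -file "$crt"
  keytool -importcert -noprompt -alias cas-server -file "$crt" \
    -keystore "$3" -storepass "$4"
  rm -f "$crt"
}

# Usage (placeholders):
#   make_server_keystore CASkeystore 'store-pass' localhost 127.0.0.1
#   trust_server_cert CASkeystore 'store-pass' /path/to/jvm/cacerts 'truststore-pass'
```

Restart Tomcat after the import so the JVM reloads its truststore. Passwords given on the command line are visible in the process list, so outside a demo let keytool prompt for them.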