CAS Client Location (PKIX path building failed)


Kevin Liu

Feb 20, 2018, 10:59:04 AM
to CAS Community
I'm running into a PKIX path building failed and in the documentation it lists this: "The problem here is that the CAS client does not trust the certificate presented by the CAS server; most often this occurs because of using a self-signed certificate on the CAS server."

I'm currently using Tomcat to run cas vanilla server. What would be the CAS client in this scenario?

Kevin Liu

Feb 20, 2018, 11:10:42 AM
to CAS Community
This is the error I keep getting:
Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Man H

Feb 20, 2018, 11:37:53 AM
to cas-...@apereo.org
Path to your certificate is not found
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ae7add2-3240-458b-9f4a-ee8ea012c411%40apereo.org.

Kevin Liu

Feb 20, 2018, 12:12:17 PM
to CAS Community
Where is the path specified? I don't remember running into this?



Ray Bon

Feb 20, 2018, 12:39:47 PM
to cas-...@apereo.org
Kevin,

If you are using a self signed cert, it must be added into the java environment. Something like:

install self signed certificates in java certificate store (must be done for every java upgrade)
sudo keytool -import -file /etc/ssl/certs/name_of.crt -alias name_of -keystore $JAVA_HOME/jre/lib/security/cacerts

Ray


-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Kevin Liu

Feb 20, 2018, 2:43:52 PM
to CAS Community
I did do that but I'm still getting the same error it seems. Is there anything I'd have to restart for the change to take effect?

Ray Bon

Feb 20, 2018, 3:21:12 PM
to cas-...@apereo.org
Kevin,

Are you accessing /cas/login or do you have another application that is configured to use CAS?
If a different application, is it running in the same tomcat as CAS or perhaps even on a different computer?

Perhaps tomcat needs to have the certificate path in the https section of conf/server.xml.

Ray

Kevin Liu

Feb 20, 2018, 3:34:30 PM
to CAS Community
Ray,

I am trying to access /cas/status/dashboard from the tomcat server that's deploying the cas.war.

Kevin

Kevin Liu

Feb 20, 2018, 3:54:06 PM
to CAS Community
I have a keystore in /opt/tomcat/keystore that tomcat uses for SSL. I have another keystore in /etc/cas/thekeystore that cas uses. There is also another keystore in /usr/java/jre/lib/security/cacerts that I've imported certs into too. They are all using the same certs as I created a cert in one and imported it to the others.
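
With several keystores in play, an import only helps if it lands in the truststore that the JVM running Tomcat actually reads. The sketch below is an added example, not part of the original thread: the function names are hypothetical, and it applies the documented JSSE lookup order (the javax.net.ssl.trustStore property, then jssecacerts, then cacerts under the JVM's java.home).

```shell
#!/bin/sh
# Added example (function names are hypothetical). Resolves the truststore a
# JVM's default TLS context loads, following the JSSE lookup order.

# java_home_dir DIR: directory the JVM reports as java.home for this install.
java_home_dir() {
    if [ -d "$1/jre/lib/security" ]; then
        printf '%s\n' "$1/jre"   # JDK 8 layout: JRE nested inside the JDK
    else
        printf '%s\n' "$1"       # standalone JRE, or JDK 9 and later
    fi
}

# effective_truststore JAVA_HOME "JVM OPTIONS": path the JVM will read.
effective_truststore() {
    jh=$(java_home_dir "$1")
    override=""
    # An explicit -D override (e.g. from CATALINA_OPTS) beats the default files;
    # when repeated, the last one on the command line wins.
    for opt in $2; do
        case "$opt" in
            -Djavax.net.ssl.trustStore=*) override=${opt#-Djavax.net.ssl.trustStore=} ;;
        esac
    done
    if [ -n "$override" ]; then
        printf '%s\n' "$override"
        return 0
    fi
    # Without an override, jssecacerts (if present) is used instead of cacerts.
    for name in jssecacerts cacerts; do
        if [ -f "$jh/lib/security/$name" ]; then
            printf '%s\n' "$jh/lib/security/$name"
            return 0
        fi
    done
    return 1
}

# import_reaches_jvm IMPORTED_KEYSTORE JAVA_HOME "JVM OPTIONS"
# Succeeds only when the keystore that received the import is the file in effect.
import_reaches_jvm() {
    eff=$(effective_truststore "$2" "$3") || return 2
    [ "$eff" -ef "$1" ]
}
```

Feed it the JAVA_HOME and options of the Tomcat process itself (visible in its command line), not those of the login shell that ran keytool.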

Ray Bon

Feb 21, 2018, 8:07:44 PM
to cas-...@apereo.org
Kevin,

Could it be a problem with the certificate? Perhaps misspelled host names.

Ray

Kevin Liu

Feb 22, 2018, 9:32:54 AM
to CAS Community
Double checked and even reimported the certs to all keystores. Still same issue. I'm at a total loss. I might try localhosts as the host name to see if that'll work.

Alexandre Adao

Feb 22, 2018, 10:23:30 AM
to cas-...@apereo.org
Did you try to import the server's certificate into the jre cacerts keystore?
