CAS Client Location (PKIX path building failed)


Kevin Liu

February 20, 2018, 10:59:04
To: CAS Community
I'm running into a PKIX path building failed and in the documentation it lists this: "The problem here is that the CAS client does not trust the certificate presented by the CAS server; most often this occurs because of using a self-signed certificate on the CAS server. "

I'm currently using tomcat to run cas vanilla server. What would be the CAS client in this scenario?

Kevin Liu

February 20, 2018, 11:10:42
To: CAS Community
This is the error I keep getting:
Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Man H

February 20, 2018, 11:37:53
To: cas-...@apereo.org
Path to your certificate is not found
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ae7add2-3240-458b-9f4a-ee8ea012c411%40apereo.org.

Kevin Liu

February 20, 2018, 12:12:17
To: CAS Community
Where is the path specified? I don't remember running into this?


On Tuesday, February 20, 2018 at 10:37:53 AM UTC-6, Manfredo Hopp wrote:
Path to your certificate is not found

On Tuesday, February 20, 2018, Kevin Liu <annih...@gmail.com> wrote:
This is the error I keep getting:
Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

On Tuesday, February 20, 2018 at 9:59:04 AM UTC-6, Kevin Liu wrote:
I'm running into a PKIX path building failed and in the documentation it lists this: "The problem here is that the CAS client does not trust the certificate presented by the CAS server; most often this occurs because of using a self-signed certificate on the CAS server. "

I'm currently using tomcat to run cas vanilla server. What would be the CAS client in this scenario?


Ray Bon

February 20, 2018, 12:39:47
To: cas-...@apereo.org
Kevin,

If you are using a self signed cert, it must be added into the java environment. Something like:

install self signed certificates in java certificate store (must be done for every java upgrade)
sudo keytool -import -file /etc/ssl/certs/name_of.crt -alias name_of -keystore $JAVA_HOME/jre/lib/security/cacerts

Ray

On Tue, 2018-02-20 at 07:59 -0800, Kevin Liu wrote:
I'm running into a PKIX path building failed and in the documentation it lists this: "The problem here is that the CAS client does not trust the certificate presented by the CAS server; most often this occurs because of using a self-signed certificate on the CAS server. "

I'm currently using tomcat to run cas vanilla server. What would be the CAS client in this scenario?

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Kevin Liu

February 20, 2018, 14:43:52
To: CAS Community
I did do that but I'm still getting the same error it seems. Is there anything I'd have to restart for the change to take effect?

Ray Bon

February 20, 2018, 15:21:12
To: cas-...@apereo.org
Kevin,

Are you accessing /cas/login or do you have another application that is configured to use CAS?
If a different application, is it running in the same tomcat as CAS or perhaps even on a different computer?

Perhaps tomcat needs to have the certificate path in the https section of conf/server.xml.

Ray

Kevin Liu

February 20, 2018, 15:34:30
To: CAS Community
Ray,

I am trying to access /cas/status/dashboard from the tomcat server that's deploying the cas.war.

Kevin

Kevin Liu

February 20, 2018, 15:54:06
To: CAS Community
I have a keystore in /opt/tomcat/keystore that tomcat uses for SSL. I have another keystore in /etc/cas/thekeystore that cas uses. There is also another keystore in /usr/java/jre/lib/security/cacerts that I've imported certs into too. They are all using the same certs as I created a cert in one and imported it to the others.
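
Added example, not part of any post in this thread: with three keystores in play as described above, the one that matters for a PKIX failure is the truststore of the JVM that opens the TLS connection. The shell functions below resolve that file using the standard JSSE lookup order (`-Djavax.net.ssl.trustStore`, then `jssecacerts`, then `cacerts`) and check whether the certificate the server actually presents is in it; the function names, host, port and `STOREPASS` variable are assumptions.

```shell
# Added example, not from the thread. Host, port and paths are placeholders.
# Print the truststore a JVM started from JAVA_HOME ($1) with JVM args ($2) uses.
effective_truststore() {
    java_home=$1; override=
    # An explicit -Djavax.net.ssl.trustStore=... wins (last one on the line).
    for arg in ${2:-}; do
        case $arg in -Djavax.net.ssl.trustStore=*) override=${arg#*=} ;; esac
    done
    if [ -n "$override" ]; then echo "$override"; return 0; fi
    # Default: jssecacerts, then cacerts, in <java.home>/lib/security.
    # java.home is $JAVA_HOME/jre on JDK 8 and $JAVA_HOME itself on JDK 9+.
    for base in "$java_home/jre" "$java_home"; do
        for name in jssecacerts cacerts; do
            f=$base/lib/security/$name
            if [ -f "$f" ]; then echo "$f"; return 0; fi
        done
    done
    return 1
}

# Reduce an openssl or keytool fingerprint line to bare uppercase hex.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/.*[= ]//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed if "keytool -list -v" output on stdin has SHA-256 fingerprint $1.
listing_has_fingerprint() {
    want=$(normalize_fp "$1")
    while IFS= read -r line; do
        case $line in
            *SHA256:*|*SHA-256*)
                if [ "$(normalize_fp "$line")" = "$want" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# check_trust JAVA_HOME HOST PORT [JVM_ARGS]; needs openssl and keytool.
# Only checks the self-signed case: the served certificate itself is imported.
check_trust() {
    store=$(effective_truststore "$1" "${4:-}") || return 2
    fp=$(openssl s_client -connect "$2:$3" -servername "$2" </dev/null 2>/dev/null |
         openssl x509 -noout -fingerprint -sha256) || return 2
    if keytool -list -v -keystore "$store" -storepass "${STOREPASS:-changeit}" |
         listing_has_fingerprint "$fp"; then
        echo "trusted: $store contains $fp"; return 0
    fi
    echo "NOT trusted: $store lacks $fp"; return 1
}
```

Call `check_trust` with the `JAVA_HOME` and JVM options of the running Tomcat process rather than those of the login shell, since the two can point at different Java installations.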

Ray Bon

February 21, 2018, 20:07:44
To: cas-...@apereo.org
Kevin,

Could it be a problem with the certificate? Perhaps misspelled host names.

Ray

Kevin Liu

February 22, 2018, 09:32:54
To: CAS Community
Double checked and even reimported the certs to all keystores. Still same issue. I'm at a total loss. I might try localhost as the host name to see if that'll work.

Alexandre Adao

February 22, 2018, 10:23:30
To: cas-...@apereo.org
Did you try to import the server's certificate into the jre cacerts keystore?
