Cas Client PKIX path building failed

[fasr favk]

Hello, my cas server is working fine, but when i try to log in to my cas client application with spring boot , it gives this error :

"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target..."

i already imported my cas.crt to cacerts in my jdk 17. with keytool:

keytool -import -file "C:\etc\cas\cas.crt" -alias cas -keystore "C:\Program Files\Java\jdk-17\lib\security\cacerts"

NB: after refreshing my cas server i can see myself logged in with cas client, and am using ldap for auth

[Ray Bon]

The backend communication between cas and the client needs to be https, even if the browser URL is http.

Check tomcat config (or whatever container you are using), which also needs to know about the cert.

I have this in server.xml on my laptop:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystorePass="password"

keystoreFile="/etc/ssl/certs/thekeystore" clientAuth="false" sslProtocol="TLS">

</Connector>

Ray

On Mon, 2023-06-19 at 04:43 -0700, fasr favk wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

[Petr Bodnár]

Hi, provided you've got setup CAS and its certificate correctly, did you check that your Java client application really uses the truststore file located at "C:\Program Files\Java\jdk-17\lib\security\cacerts"? You can do that by adding the following JVM option (system property) when starting the Java application: "-Djavax.net.debug=trustmanager" (or "-Djavax.net.debug=all", but that will output MUCH more lines).

[fasr favk]

Thank you that was helpful, my app was using the wrong trustore