[cas-user] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification pa th to requested target : Error on Single server while accessing services
529 views
Skip to first unread message
shibaram
Jul 4, 2013, 11:56:19 AM7/4/13
to cas-...@lists.jasig.org
Hi All,
I have successfully deployed cas server (version cas-server-3.5.2)
on tomcat 6.x with Java 1.6., Windows Xp machine.
I have followed https://wiki.jasig.org/display/CASUM/Demo
<https://wiki.jasig.org/display/CASUM/Demo> and other tutorials and
configured cas correctly.
I have Used JPATicketRegistry and all the ticket related database tables got
created automatically and tickets are being inserted.
*I can use https (ssl) to login to CAS server using JDBC to mysql db and I
get the successfully logged in message too.
But while trying to access the https://localhost:8443/cas/services/
<https://localhost:8443/cas/services/> *
I get this error:
<http://jasig.275507.n4.nabble.com/file/n4660131/2013-07-04_21_08_10.png>
And getting below exception stacktrace:
[code]
ERROR [org.jasig.cas.client.util.CommonUtils] -
*<sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification pa
th to requested target>*
*javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.
provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target*
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(Abstrac
tCasProtocolUrlBasedTicketValidator.java:50)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java
:207)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationPr
ovider.java:140)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvi
der.java:126)
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at
org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.ja
va:242)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthe
nticationProcessingFilter.java:194)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistence
Filter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested
target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
at sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 44 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to reques
ted target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 50 more
Jul 4, 2013 8:47:49 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path bu
ilding failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to re
quested target
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(Abstrac
tCasProtocolUrlBasedTicketValidator.java:50)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java
:207)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationPr
ovider.java:140)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvi
der.java:126)
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at
org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.ja
va:242)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthe
nticationProcessingFilter.java:194)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistence
Filter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: su
n.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested
target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
[/code]
I have followed this post also:
http://jasig.275507.n4.nabble.com/Problema-SSL-no-CAS-Single-Sign-On-ajuda-td2305419.html#a2305431
<http://jasig.275507.n4.nabble.com/Problema-SSL-no-CAS-Single-Sign-On-ajuda-td2305419.html#a2305431>
*But, I am getting no ssl trace in logs or on tomcat's console.*
I have tried the solutions in below posts also:
http://stackoverflow.com/questions/14947517/pkix-path-building-failed-sun-security-provider-certpath-suncertpathbuilderexce
<http://stackoverflow.com/questions/14947517/pkix-path-building-failed-sun-security-provider-certpath-suncertpathbuilderexce>
http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u
<http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u>
But none is working for me in my Single server, windows environment.
Please help.
--
View this message in context: http://jasig.275507.n4.nabble.com/PKIX-path-building-failed-sun-security-provider-certpath-SunCertPathBuilderException-unable-to-find-s-tp4660131.html
Sent from the CAS Users mailing list archive at Nabble.com.
--
You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
I have successfully deployed cas server (version cas-server-3.5.2)
on tomcat 6.x with Java 1.6., Windows Xp machine.
I have followed https://wiki.jasig.org/display/CASUM/Demo
<https://wiki.jasig.org/display/CASUM/Demo> and other tutorials and
configured cas correctly.
I have Used JPATicketRegistry and all the ticket related database tables got
created automatically and tickets are being inserted.
*I can use https (ssl) to login to CAS server using JDBC to mysql db and I
get the successfully logged in message too.
But while trying to access the https://localhost:8443/cas/services/
<https://localhost:8443/cas/services/> *
I get this error:
<http://jasig.275507.n4.nabble.com/file/n4660131/2013-07-04_21_08_10.png>
And getting below exception stacktrace:
[code]
ERROR [org.jasig.cas.client.util.CommonUtils] -
*<sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification pa
th to requested target>*
*javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.
provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target*
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(Abstrac
tCasProtocolUrlBasedTicketValidator.java:50)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java
:207)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationPr
ovider.java:140)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvi
der.java:126)
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at
org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.ja
va:242)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthe
nticationProcessingFilter.java:194)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistence
Filter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested
target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
at sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 44 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to reques
ted target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 50 more
Jul 4, 2013 8:47:49 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path bu
ilding failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to re
quested target
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(Abstrac
tCasProtocolUrlBasedTicketValidator.java:50)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java
:207)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationPr
ovider.java:140)
at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvi
der.java:126)
at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at
org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.ja
va:242)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthe
nticationProcessingFilter.java:194)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistence
Filter.java:87)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: su
n.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested
target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
[/code]
I have followed this post also:
http://jasig.275507.n4.nabble.com/Problema-SSL-no-CAS-Single-Sign-On-ajuda-td2305419.html#a2305431
<http://jasig.275507.n4.nabble.com/Problema-SSL-no-CAS-Single-Sign-On-ajuda-td2305419.html#a2305431>
*But, I am getting no ssl trace in logs or on tomcat's console.*
I have tried the solutions in below posts also:
http://stackoverflow.com/questions/14947517/pkix-path-building-failed-sun-security-provider-certpath-suncertpathbuilderexce
<http://stackoverflow.com/questions/14947517/pkix-path-building-failed-sun-security-provider-certpath-suncertpathbuilderexce>
http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u
<http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u>
But none is working for me in my Single server, windows environment.
Please help.
--
View this message in context: http://jasig.275507.n4.nabble.com/PKIX-path-building-failed-sun-security-provider-certpath-SunCertPathBuilderException-unable-to-find-s-tp4660131.html
Sent from the CAS Users mailing list archive at Nabble.com.
--
You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Eddú Meléndez Gonzales
Jul 4, 2013, 1:22:43 PM7/4/13
to cas-...@lists.jasig.org
Hi
You have generated ssl certificate in cas serve which must be installed in your client application. I think that in your case is other server.
You are currently subscribed to cas-...@lists.jasig.org as: eddu.m...@gmail.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Marvin Addison
Jul 4, 2013, 1:53:42 PM7/4/13
to cas-...@lists.jasig.org
> ERROR [org.jasig.cas.client.util.CommonUtils] -
> *<sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target>*
A common error. See
> *<sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target>*
https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide
for help. If you continue to have trouble, post an SSL trace.
M
Shiva
Jul 4, 2013, 3:50:40 PM7/4/13
to cas-...@lists.jasig.org
I have posted the question on the forum at this location:
Thank you Eddu . But without cas client, Can't we directly access the services url of the server in browser to test it ?
In my case, my client is also same windows machine, it can be the same tomcat or can be a different tomcat. So basically configured to use same localhost SSL certificate.
I have imported the cert into the System's JAVA_HOME/jre/lib/security/cacerts.
Thank you Marvin!
I have followed the SSL Reference guide:
But still getting the issue, when trying to access the services url in my browser.
I have setup tomcat, to have the setenv.bat file as follows:
# Uncomment the next 4 lines for custom SSL keystore
# used by all deployed applications
set KEYSTORE="C:\tomcat6-CAS\conf\ssl\openssl\localhostServerKeystore.jks"
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.ssl.keyStore=%KEYSTORE%"
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.ssl.keyStoreType=JKS"
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.ssl.keyStorePassword=changeit"
# Uncomment the next 4 lines to allow custom SSL trust store
# used by all deployed applications
set TRUSTSTORE="C:\Java\jdk1.6.0_24\jre\lib\security\cacerts"
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.ssl.trustStore=%TRUSTSTORE%"
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.ssl.trustStoreType=JKS"
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.ssl.trustStorePassword=changeit"
# Uncomment the next line to print SSL debug trace in catalina.out
set CATALINA_OPTS=%CATALINA_OPTS%" -Djavax.net.debug=ssl"
Now, I don't know where to look for the SSL trace, it neither generate any logs in the cas.log file nor on the tomcat's console.
Where to look for the SSL trace ? Or am I missing any thing.
--
You are currently subscribed to cas-...@lists.jasig.org as: msps...@gmail.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Rahul_ARS
Jul 7, 2013, 5:04:25 AM7/7/13
to cas-...@lists.jasig.org
Hi,
As per stacktrace you have shared , you may be having this error as thr
cert jks file is missing in classpath maintained for the server. Can you
please check the class path....
--
View this message in context: http://jasig.275507.n4.nabble.com/PKIX-path-building-failed-sun-security-provider-certpath-SunCertPathBuilderException-unable-to-find-s-tp4660131p4660148.html
As per stacktrace you have shared , you may be having this error as thr
cert jks file is missing in classpath maintained for the server. Can you
please check the class path....
--
View this message in context: http://jasig.275507.n4.nabble.com/PKIX-path-building-failed-sun-security-provider-certpath-SunCertPathBuilderException-unable-to-find-s-tp4660131p4660148.html
Reply all
Reply to author
Forward
0 new messages