ok...both cas and uportal are on the same host...so if I'm reading you right, it sounds like all I need to do is import my self-signed certificate one time into system truststore you mentioned and the exception should go away correct? If that is the case, my next question is how do I install my certificate in the system truststore?
Curtis On Mon, Oct 12, 2009 at 8:31 PM, Marvin Addison <[email protected]> wrote: >> 1) Can the certificate be applied at the apache level or does it have >> to be applied on the tomcat level? > > Neither. The exception you quoted below is an SSL trust problem with > the JVM and has nothing to do with the key/truststores used by Tomcat: > >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find valid certification path to requested target > > You must install the self-signed certificate of the CAS server into > the system truststore on the portal host. The default location of the > system truststore is $JAVA_HOME/jre/lib/security/cacerts. > >> 2) Once the ssl works, do I simply remove the >> BROKEN_SECURITY_ALLOW_NON_SSL init parameter from the uportal web.xml? > > In order to get proxy ticket validation working, the CAS server must > also trust the certificate presented by the portal. In your case > where you're using a self-signed cert for uPortal as well, you'll need > to import the portal certificate into the CAS server system > truststore. In the end you import the self-signed certs of both hosts > into the system truststores of their partners. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Curtis Garman Web Programmer Heartland Community College -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
