AFAIK, the cacerts file at that location is never consulted by default... the default keystore location is $HOME/.keystore
So in order to get that cacerts file set you can use "-Djavax.net.ssl.keyStore=$JDK_HOME/jre/lib/security/cacerts" at startup or copy that file to .keystore in the JVM user's home. 'Course, the world could have shifted while I wasn't looking... happens often. Also worth mentioning since I don't see it skimming the above blog post and comment is that if your cas server is signed by a CA that is not in the standard cacerts file, you have to put that CA's cert in the file urself. On Wed, Mar 10, 2010 at 7:19 PM, Harikrishnan R. <hari...@gmail.com> wrote: > Hi , > You are accessing the HTTP service over https. > Please export the public certificate from CAS server and load it your trust > store(the JVM where you interacting with CAS). > You can also simply add the certificate to cacerts available in > jdk/jre/lib/security directory. > Regards > Hari > n Wed, Mar 10, 2010 at 7:09 PM, Cary, Kim <kim.c...@pepperdine.edu> wrote: >> >> Can anyone help me understand this error message? I have 7000+ of them in >> my log all of a sudden. >> >> org.jasig.cas.util.HttpClient:214 >> >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at >> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) >> at >> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:883) >> at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) >> at >> org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:195) >> at >> org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:160) >> at >> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269) >> at java.util.concurrent.FutureTask.run(FutureTask.java:123) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676) >> at java.lang.Thread.run(Thread.java:613) >> Caused by: sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable >> to find valid certification path to requested target >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) >> at >> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) >> at sun.security.validator.Validator.validate(Validator.java:203) >> at >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) >> at >> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841) >> ... 18 more >> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> at >> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) >> at >> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:2 >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> hari...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > jpgorr...@ucdavis.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- Jon Gorrono PGP Key: 0x5434509D - http{pgp.mit.edu:11371/pks/lookup?search=0x5434509D&op=index} Thawte Notary - https{www.thawte.com/cgi/personal/wot/directory.exe?node=312} GSWoT Introducer - {GSWoT:US75 5434509D Jon P. Gorrono <jpgorrono - gswot.org>} http{ats.ucdavis.edu} -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
