> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target
The problem is that the JVM _system_ truststore used by the CAS client validator (which is called from Spring Security) does not trust your CAS server certificate. Note that the truststore line in your tomcat server.xml has no effect on the _system_ truststore and should be omitted. The following attempts to install your self-signed cert into the default system truststore: > C:\Program Files\Java\jdk1.6.0_20\bin>keytool -import -file server.crt > -keypass changeit -keystore ..\jre\lib\security\cacerts The above _should_ work if that's the same JVM used by Tomcat and you haven't customized your system truststore path by setting javax.net.ssl.trustStore. The best thing to do at this point is an SSL trace and post the output here; see the last section of https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide for instructions. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
