Hi You have generated ssl certificate in cas serve which must be installed in your client application. I think that in your case is other server. On Jul 4, 2013 10:58 AM, "shibaram" <mspsa...@gmail.com> wrote:
> Hi All, > > I have successfully deployed cas server (version > cas-server-3.5.2) > on tomcat 6.x with Java 1.6., Windows Xp machine. > I have followed https://wiki.jasig.org/display/CASUM/Demo > <https://wiki.jasig.org/display/CASUM/Demo> and other tutorials and > configured cas correctly. > I have Used JPATicketRegistry and all the ticket related database tables > got > created automatically and tickets are being inserted. > > *I can use https (ssl) to login to CAS server using JDBC to mysql db and I > get the successfully logged in message too. > But while trying to access the https://localhost:8443/cas/services/ > <https://localhost:8443/cas/services/> * > I get this error: > > <http://jasig.275507.n4.nabble.com/file/n4660131/2013-07-04_21_08_10.png> > > > And getting below exception stacktrace: > > [code] > ERROR [org.jasig.cas.client.util.CommonUtils] - > *<sun.security.validator.ValidatorException: PKIX > path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification pa > th to requested target>* > *javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security. > provider.certpath.SunCertPathBuilderException: unable to find valid > certification path to requested target* > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown > Source) > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown > Source) > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source) > at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown > Source) > at > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown > Source) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown > Source) > at > > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326) > at > > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) > at > > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(Abstrac > tCasProtocolUrlBasedTicketValidator.java:50) > at > > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java > :207) > at > > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationPr > ovider.java:140) > at > > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvi > der.java:126) > at > > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) > at > > org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.ja > va:242) > at > > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthe > nticationProcessingFilter.java:194) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistence > Filter.java:87) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) > at > > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) > at java.lang.Thread.run(Unknown Source) > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertP > athBuilderException: unable to find valid certification path to requested > target > at sun.security.validator.PKIXValidator.doBuild(Unknown Source) > at sun.security.validator.PKIXValidator.engineValidate(Unknown > Source) > at sun.security.validator.Validator.validate(Unknown Source) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source) > at > > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source) > ... 44 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to reques > ted target > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown > Source) > at java.security.cert.CertPathBuilder.build(Unknown Source) > ... 50 more > Jul 4, 2013 8:47:49 PM org.apache.catalina.core.StandardWrapperValve invoke > SEVERE: Servlet.service() for servlet default threw exception > java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path bu > ilding failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to re > quested target > at > > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341) > at > > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) > at > > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(Abstrac > tCasProtocolUrlBasedTicketValidator.java:50) > at > > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java > :207) > at > > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationPr > ovider.java:140) > at > > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvi > der.java:126) > at > > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) > at > > org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.ja > va:242) > at > > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthe > nticationProcessingFilter.java:194) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistence > Filter.java:87) > at > > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) > at > > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) > at java.lang.Thread.run(Unknown Source) > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: su > n.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown > Source) > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown > Source) > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source) > at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown > Source) > at > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown > Source) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown > Source) > at > > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326) > ... 31 more > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertP > athBuilderException: unable to find valid certification path to requested > target > at sun.security.validator.PKIXValidator.doBuild(Unknown Source) > [/code] > > > I have followed this post also: > > http://jasig.275507.n4.nabble.com/Problema-SSL-no-CAS-Single-Sign-On-ajuda-td2305419.html#a2305431 > < > http://jasig.275507.n4.nabble.com/Problema-SSL-no-CAS-Single-Sign-On-ajuda-td2305419.html#a2305431 > > > > *But, I am getting no ssl trace in logs or on tomcat's console.* > > I have tried the solutions in below posts also: > > http://stackoverflow.com/questions/14947517/pkix-path-building-failed-sun-security-provider-certpath-suncertpathbuilderexce > < > http://stackoverflow.com/questions/14947517/pkix-path-building-failed-sun-security-provider-certpath-suncertpathbuilderexce > > > > http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u > < > http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u > > > > But none is working for me in my Single server, windows environment. > > Please help. > > > > -- > View this message in context: > http://jasig.275507.n4.nabble.com/PKIX-path-building-failed-sun-security-provider-certpath-SunCertPathBuilderException-unable-to-find-s-tp4660131.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > eddu.melen...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user