@Alberto Cabello Sánchez, @Andreas Vallen:

Thank you, guys!

Both JaSig CAS and client are running on the same server (let's call it
mydomain.com).

For JaSig CAS the domain name is sso.mydomain.com, and for the client
it's portal.mydomain.com.

In my /etc/tomcat7/server.xml I have the following lines

===

<!-- Connector #1 -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               ciphers="SSL_RSA_WITH_RC4_128_SHA"
               keystoreFile="${user.home}/.keystore"
               keystorePass="changeit"/>

It finally works under Apache via AJP, so I have an extra line

<!-- Connector #2 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

===

At the moment, the certificate files are in the Apache vhost file.

SSLCertificateFile /etc/apache2/ssl/STAR_mydomain_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/STAR_mydomain_com.key
SSLCertificateChainFile /etc/apache2/ssl/PositiveSSL-bundle.ca-bundle

Following the advice of @Alberto, in the Tomcat7 docs I found the following:

http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

<Connector
           protocol="HTTP/1.1"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1"/>

@Alberto Cabello Sánchez

Do you mean I should be adding the "SSLCertificateFile" and
"SSLCertificateKeyFile" options to "Connector #1"?

Thanks in advance,

Best regards,

Artur


On 13 February 2014 13:14, Andreas Vallen <andreas.val...@gmail.com> wrote:

> Hi Artur,
>
> this is a very common error whose cause and resolution are described in the
> following CAS wiki page:
>
>
> https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide
>
> Cheers,
> Andreas
>
>
> On Thu, Feb 13, 2014 at 11:06 AM, Delusional Insanity <
> foreverch...@gmail.com> wrote:
>
>> Hello folks,
>>
>> I get a strange error in my catalina logs.
>>
>> 2014-02-13 08:19:23,634 WARN [org.jasig.cas.util.HttpClient] - <Error
>> Sending message to url endpoint [https://mydomain.com/en/cas/login/].
>>  Error is [sun.security.validator.ValidatorException: PKIX path validation
>> failed: java.security.cert.CertPathValidatorException: Path does not chain
>> with any of the trust anchors]>
>>
>> Does anyone have an idea what causes it?
>>
>> Thanks in advance!
>>
>> Best regards,
>>
>> Artur
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> andreas.val...@gmail.com
>>
>>
>>
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
