Hello Cas users, After logging in with running sample client, it redirects to the with ST ticket. My web page shows SSL error as below with the following URL https://localhost:8443/cas-sample-java-webapp/?ticket=ST-1-4QLDV0DAywo37UaBbKNs-cas-server
The following web site shows how to troubleshoot. https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide#SSLTroubleshootingandReferenceGuide-ImportTrustedCertificate Unfortunately, I already imported self signed certificate to my ca keystore as below: keytool -import -alias cas-server -file cas-server.cer -keypass changeit -storepass changeit -keystore %JAVA_HOME%\jre\lib\security\cacerts And the following is my tomcat server.xml configuration <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/armadasoft/SSO/cas4-overlay/cas.keystore" keystorePass="changeit" truststoreFile="C:/jdk1.7.0_55/jre/lib/security/cacerts" /> I downloaded sample client from the following link: https://github.com/UniconLabs/cas-sample-java-webapp And, modified to use web.xml like <filter-name>CAS Authentication Filter</filter-name> <!-- <filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class> --> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <filter-name>CAS Validation Filter</filter-name> <!-- <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> --> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> <!-- <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> --> Error message: HTTP Status 500 - javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found type Exception report message javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found description The server encountered an internal error that prevented it from fulfilling this request. exception java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) root cause javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found sun.security.ssl.Alerts.getSSLException(Alerts.java:192) sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) sun.security.ssl.Handshaker.process_record(Handshaker.java:804) sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) root cause java.security.cert.CertificateException: No name matching localhost found sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:208) sun.security.util.HostnameChecker.match(HostnameChecker.java:93) sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347) sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203) sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) sun.security.ssl.Handshaker.process_record(Handshaker.java:804) sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326) org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169) note The full stack trace of the root cause is available in the Apache Tomcat/8.0.26 logs. ________________________________ Apache Tomcat/8.0.26 Thanks, Doe The information contained in this e-mail and any attachments is confidential and intended only for the recipient. If you are not the intended recipient, the information contained in this message may not be used, copied, or forwarded to third parties or otherwise distributed for any other purpose. Please notify the sender if you received this e-mail in error and delete the e-mail and its attachments promptly. Nothing in this e-mail may be used or deemed to form the basis of a contractual or any other legally binding obligation unless separately confirmed in writing by an authorized representative of ARMADA. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
