> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target

This exception is normally caused by certificate trust issues. There are two keystores of interest with CAS:

1. Tomcat (or other Web application container) keystore
2. System truststore (truststore == keystore containing only trustedCertEntry items)

According to your stack trace, your application is having trouble with the second. The CASFilter is attempting to make a connection to the CAS server and failing likely because your system truststore does not contain your CAS server certificate or its signing certificate chain, either of which would be adequate for establishing trust.

You can solve this by importing the CAS server certificate (or its signing certificate chain) into the system truststore ($JAVA_HOME/jre/lib/security/cacerts) using the Java keytool utility. An alternative is to explicitly define the system truststore via JVM startup parameters:

    -Djavax.net.ssl.trustStore=/path/to/keystore
    -Djavax.net.ssl.trustStoreType=JKS
    -Djavax.net.ssl.trustStorePassword=changeit

where /path/to/keystore is an application-specific keystore created using the Java keytool utility.

http://java.sun.com/products/jsse/doc/guide/API_users_guide.html has detailed information on keystores, truststores, and certificate trust.

Hope that helps,
Marvin Addison

--
Application Developer
Middleware Services
Virginia Tech
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
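
The application-specific truststore route described in the reply above, as an added example that is not part of the original message: it builds a JKS truststore holding only the CAS certificate and confirms the entry is a trustedCertEntry before printing the JVM flags. The alias cas-server, the host name cas.example.org, the file names and the self-signed stand-in certificate are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example: application-specific truststore for a CAS client.
# Assumed names (not from the thread): alias "cas-server", cas.example.org,
# and the file names. The self-signed certificate is constructed sample input.
STOREPASS=changeit   # matches -Djavax.net.ssl.trustStorePassword in the reply

# Stand-in for the real CAS server certificate, exported as PEM.
make_sample_cert() {  # $1 = work dir
  keytool -genkeypair -alias cas-server -keyalg RSA -keysize 2048 \
    -dname "CN=cas.example.org" -validity 30 \
    -keystore "$1/server.jks" -storetype JKS \
    -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1 &&
  keytool -exportcert -rfc -alias cas-server -keystore "$1/server.jks" \
    -storetype JKS -storepass "$STOREPASS" -file "$1/cas.pem" >/dev/null 2>&1
}

# SHA-256 fingerprint line of a certificate file. Compare it with the value the
# CAS administrator gives you out of band before importing anything.
fingerprint() {  # $1 = cert file
  keytool -printcert -file "$1" 2>/dev/null | grep 'SHA256:'
}

# Import the certificate into a truststore that holds nothing else.
import_cert() {  # $1 = cert file, $2 = truststore path
  keytool -importcert -noprompt -alias cas-server -file "$1" \
    -keystore "$2" -storetype JKS -storepass "$STOREPASS" >/dev/null 2>&1
}

# True only if the alias exists and is a trustedCertEntry (not a key entry).
is_trusted() {  # $1 = truststore path
  keytool -list -alias cas-server -keystore "$1" -storetype JKS \
    -storepass "$STOREPASS" 2>/dev/null | grep -q trustedCertEntry
}

# End-to-end run in a temp dir; prints the flags to add to the JVM start-up.
demo() {
  dir=$(mktemp -d) || return 1
  make_sample_cert "$dir" && fingerprint "$dir/cas.pem" &&
    import_cert "$dir/cas.pem" "$dir/cas-trust.jks" &&
    is_trusted "$dir/cas-trust.jks" &&
    echo "-Djavax.net.ssl.trustStore=$dir/cas-trust.jks" \
         "-Djavax.net.ssl.trustStoreType=JKS" \
         "-Djavax.net.ssl.trustStorePassword=$STOREPASS"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Setting javax.net.ssl.trustStore replaces the default cacerts for that JVM, so the application then trusts only what was imported into the new file.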
