RE: [cas-user] SSL error with LDAP

ook to see if the "Entry type:" for the alias of the self-signed cert is trustedCertEntry From: Schawn E. Thropp [mailto:se_thr...@yahoo.com] Sent: Friday, January 04, 2013 2:27 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] SSL error with LDAP Marvin, System truststore? do you

Re: [cas-user] SSL error with LDAP

> System truststore? do you mean the JRE cacerts? $JRE_HOME/lib/security/cacerts is the default location, yes, but it can be customized via system properties (javax.net.ssl.trustStore and friends). > when i checked this it seems to have the self-signed cert in it. I don't see any evidence that

Re: [cas-user] SSL error with LDAP

Marvin, System truststore?  do you mean the JRE cacerts?  when i checked this it seems to have the self-signed cert in it. From: Marvin Addison To: cas-user@lists.jasig.org Sent: Friday, January 4, 2013 3:00 PM Subject: Re: [cas-user] SSL error with LDAP

Re: [cas-user] SSL error with LDAP

> Thank you, but I need help understanding a little more. I thought for > development purposes this was OK? Is self-signed not the way to go? > Is there a way to override this behavior or can I not use a self-signed > cert? Simply add the self-signed cert to the system truststore and you should

Re: [cas-user] SSL error with LDAP

mpson, Jr." To: cas-user@lists.jasig.org Sent: Friday, January 4, 2013 2:14 PM Subject: Re: [cas-user] SSL error with LDAP On Fri, Jan 4, 2013 at 1:48 PM, Schawn E. Thropp wrote: > I experienced a wierd error that I need some help with.  I have a set up > where I was accessing a produ

Re: [cas-user] SSL error with LDAP

On Fri, Jan 4, 2013 at 1:48 PM, Schawn E. Thropp wrote: > I experienced a wierd error that I need some help with. I have a set up > where I was accessing a production level LDAP server with a specific URL > (setup in my deployerConfigContext.xml). I recently changed the URL to a > development LD

[cas-user] SSL error with LDAP

I experienced a wierd error that I need some help with.  I have a set up where I was accessing a production level LDAP server with a specific URL (setup in my deployerConfigContext.xml).  I recently changed the URL to a development LDAP server and I am know seeing the following error:   ERROR [

Re: [cas-user] SSL Error on CAS client

I'm assuming you're trying to access /cas/validate from a client application, is that correct? The documentation heresays to import the CAS Server certificate into the client JVM's keystore, which it seems you've tried, b

Re: [cas-user] SSL Error on CAS client

The default password for the Java 'cacerts' keystore is 'changeit'. Best regards, -- Carlos M. Fernández Sr. Enterprise Systems Admin Saint Joseph's University W: 610-660-1501 M: 215-316-1193 E: cfern...@sju.edu On Oct 25, 2012, at 19:42, "Jonathan" wrote: > I am using the CAS protocol /cas/val

[cas-user] SSL Error on CAS client

I am using the CAS protocol /cas/validate and getting SSL errors. I think it is due to being the certificate self generated. Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCe

Re: [cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This advice, piled with a plethora of other pieces of evidence eventually resulted in the server admins looking into the issue. Once they correctly installed the intermediate cert *AND* had the correct alternate names in the cert, things started hummi

Re: [cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In catalina.out2, the line the error starts on is immediately following the SQL error. The line starts with "2010-04-06 15:23:41,306" Jeff Scott Battaglia wrote: > I don't see any SSL errors in the catalina.out > > Did I miss it? > > > On Tue, Apr

Re: [cas-user] SSL Error

Found the needle in the haystack: chain [0] = [ [ Version: V3 Subject: CN=*.uni.edu, OU=Information Technology Services - Information Systems, O=University of Northern Iowa, L=Cedar Falls, ST=Iowa, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: SunPKCS11-Solaris RSA p

Re: [cas-user] SSL Error

I don't see any SSL errors in the catalina.out Did I miss it? On Tue, Apr 6, 2010 at 5:05 PM, Jeff Chapin wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Is that related to the SSL issue? That error started when we began > logging to the database, and I have not had time to addres

Re: [cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is that related to the SSL issue? That error started when we began logging to the database, and I have not had time to address thant one -- it is believed that the SSL error is much more critical. Jeff Scott Battaglia wrote: > The error is this: > Ex

Re: [cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually, late last night I stumbled on something that may be related, and I am following up on that. It appears that the SSL certificate was improperly issued. It is a wildcard with the following alternative domains: server.domain.edu.domain.edu and

Re: [cas-user] SSL Error

> Looking at that cacerts file, it appears that the DigiCert Global CA is > in there... Next step is to produce an SSL trace and attach it. http://www.ja-sig.org/wiki/display/CASUM/SSL+Troubleshooting+and+Reference+Guide has instructions if you need them. M -- You are currently subscribed to ca

Re: [cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have not deliberately set javax.net.ssl.trustStore. Looking at that cacerts file, it appears that the DigiCert Global CA is in there... I'll keep digging, thanks. Jeff Marvin Addison wrote: > I will assume you're not using a custom truststore v

RE: [cas-user] SSL Error

onday, April 05, 2010 3:59 PM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] SSL Error > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Marvin, > > Thanks for your help, but I am still running into trouble. I have tried > importing the Digicert Global CA from

Re: [cas-user] SSL Error

I will assume you're not using a custom truststore via the javax.net.ssl.trustStore system property, which means the system key/truststore is $JAVA_HOME/jre/lib/security/cacerts. Import the DigiCert CA cert into that file and try again. I've never used the .keystore in the user directory, althoug

Re: [cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marvin, Thanks for your help, but I am still running into trouble. I have tried importing the Digicert Global CA from the website, as well as the CA file provided to us in the bundle we got when we registered for a SSL. I imported these both into .key

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: [cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

[cas-user] Re: Re: [cas-user] SSL Error

Hallo, ich bin zurzeit im Urlaub und deshalb nicht via Mail erreichbar. Wenden Sie sich in dringenden Fällen bitte per Mail (i...@form4.de) oder telefonisch (030/27 87 84-0) an meine Kollegen. Ab dem 12.04.2010 können Sie mich wieder im Büro erreichen. Viele Grüße Hajo Passon -- You are curr

Re: [cas-user] SSL Error

> ... > org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:195) >at > org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:160) >at > java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) >at java.util.concurrent.FutureTask.run(FutureTa

[cas-user] SSL Error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am getting the top error from this page: http://www.ja-sig.org/wiki/display/CASUM/SSL+Troubleshooting+and+Reference+Guide In this cas the client is the AuthCAS perl module, and we are using DigiCert as our CA, so this is not a self signed certifica