Interesting that I am able to accomplish all this with just a
keystore my cacerts would not be loaded, I s'pose, on startup (and
I know it is not) because my $JAVA_HOME is the jdk root perhaps. I
am 99% sure I determined the keystore (not truststore) search
mechanism by walking thru the jdk
> So that means that either 1) one of the CAS client webpapps is running a
> self-signed cert or 2) my CA Root database is out of date, correct?
Those are two common causes of trust errors, sure. The fact that
you're seeing this on the CAS server means it's probably a proxy
callback that's faili
> AFAIK, the cacerts file at that location is never consulted by
> default... the default keystore location is $HOME/.keystore
This is incorrect.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html
indicates the search order is as follows:
1. Location specified by javax.net
On Wed, Mar 10, 2010 at 10:42 PM, Cary, Kim wrote:
> Thanks, Somesh. So that means that either 1) one of the CAS client webpapps
> is running a self-signed cert or 2) my CA Root database is out of date,
> correct?
>
>
1) Probably
2) That depends on which version of Java you are using. The cacert
Thanks, Somesh. So that means that either 1) one of the CAS client webpapps is
running a self-signed cert or 2) my CA Root database is out of date, correct?
On Mar 10, 2010, at 5:21 PM, Somesh Kumar wrote:
> this might help
>
> http://blogs.sun.com/gc/entry/unable_to_find_valid_certification
>
AFAIK, the cacerts file at that location is never consulted by
default... the default keystore location is $HOME/.keystore
So in order to get that cacerts file set you can use
"-Djavax.net.ssl.keyStore=$JDK_HOME/jre/lib/security/cacerts" at
startup
or copy that file to .keystore in the JVM user's
Hi ,
You are accessing the HTTP service over https.
Please export the public certificate from CAS server and load it your trust
store(the JVM where you interacting with CAS).
You can also simply add the certificate to cacerts available in
jdk/jre/lib/security directory.
Regards
Hari
n Wed, Mar 10,
this might help
http://blogs.sun.com/gc/entry/unable_to_find_valid_certification
On Wed, Mar 10, 2010 at 8:09 PM, Cary, Kim wrote:
> Can anyone help me understand this error message? I have 7000+ of them in my
> log all of a sudden.
>
> org.jasig.cas.util.HttpClient:214
>
> javax.net.ssl.SSLHan
Can anyone help me understand this error message? I have 7000+ of them in my
log all of a sudden.
org.jasig.cas.util.HttpClient:214
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderExcept