Announcement Announcement Module
No announcement yet.
CAS - SSL Certs Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • CAS - SSL Certs

    Hi 2gether,

    i think i have a common problem with certificates and cas authentication. On local tests everything works fine, but as it comes to our production environment, my generated certificates (with the right CN [FQDN] in it) wont work.

    i followed the quide on CAS - SSL + LDAP (and others), but with no success

    i get the following error: PKIX building path failed ...
    SunCertPathBuilderException: unable to find valid certification path to requested target

    as my understandings of generating a keystore for ssl:
    - that you'll just have to generate a keystore (or use your cacerts from your jdk with a new alias) with the correct FQDN (without ports and app-name..)
    - generate a CSR from it
    - Sign it via an CA (in my case i generated one as it's only for interal use)
    - import the signed cert to your keystore
    - import the ca.pem (to trust all certs signed from this CA)

    or did i miss something essential here?

    another fact is, as both applications run on the same machine with seperated tomcats. The FQDN is the same, so i assume i can use this keystore for both of them

    (added keystore/truststore properties to the ssl connector pointing to the same files; both are in the conf directory)

    the scenario:
    - user visits the client app [HTTPS] ->
    - browser prompts with accept certificate from client [ACCEPTED]
    - client app calls the CAS app [HTTPS] ->
    - browser prompts with accept the certificate from server [ACCEPTED]->
    - authentication works, user found and ticket granded ->
    - CAS app returns to the calling app ->
    - Exception thrown PKIX ... Handshake ...

    any ideas?


  • #2
    This isn't really a Spring Security question and is a common problem for CAS users. If you google for:

    '+cas "unable to find valid certification path to requested target"'

    You will get "About 10,000 results (0.31 seconds)".