I'm working on upgrading our CAS application from 2.X to 4.1.0. When I start up
Tomcat with the 4.1.0 application I get the errors below. If I start Tomcat
with the older CAS version, everything works. Long story but right now I stop
Tomcat, copy the war file into webapps, start Tomcat. This appears to be
related to our use of ldaps and a problem reading the trusted cert file
(cacerts). I've received these errors both using a jdk and a jre (1.7). When I
access the same ldap servers using ldap protocol on 389, CAS 4.1.0 starts and
operates properly. My path to the cacerts file as specified in cas.properties
is correct (I've confirmed that). Is there a place where I need to specify
what format the trust store is in? Googling the root exception suggests a format
change from PKCS12 to JKS may be one possible remedy for this problem, but the
older CAS 2.X application has no problem with ldaps and trusting the ldap
server's cert (not a self-signed).

Using JDK/JRE 1.7.0.21 and Tomcat 7.0.32 on Windows Server 2008

org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'ticketRegistryCleaner' defined in ServletContext resource
[/WEB-INF/spring-configuration/ticketRegistry.xml]: Cannot resolve reference to
bean 'centralAuthenticationService' while setting constructor argument; nested
exception is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'centralAuthenticationService' defined in
ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]:
Cannot resolve reference to bean 'authenticationManager' while setting
constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authenticationManager' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'ldapAuthenticationHandler' while setting constructor argument; nested
exception is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'ldapAuthenticationHandler' defined in ServletContext
resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'authenticator' while setting constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authenticator' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'authHandler' while setting constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authHandler' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'bindPooledLdapConnectionFactory' while setting bean property
'connectionFactory'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'bindPooledLdapConnectionFactory' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'bindConnectionPool' while setting bean property 'connectionPool'; nested
exception is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'bindConnectionPool' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested
exception is java.lang.IllegalArgumentException:
java.security.cert.CertificateException: Could not parse certificate:
java.io.IOException: Empty input
...a chain of similar errors about creating beans with root cause of ....
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
    at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:45)
    at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:31)
    at org.ldaptive.ssl.AbstractCredentialReader.read(AbstractCredentialReader.java:52)
    at org.ldaptive.ssl.X509CredentialConfig.createSSLContextInitializer(X509CredentialConfig.java:129)
    at org.ldaptive.ssl.TLSSocketFactory.initialize(TLSSocketFactory.java:52)
    at org.ldaptive.ssl.ThreadLocalTLSSocketFactory.getHostnameVerifierFactory(ThreadLocalTLSSocketFactory.java:98)
    ... 122 more
Caused by: java.io.IOException: Empty input
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)
    ... 129 more

I don't see anything in the ldaptive or CAS 4.1 docs that mention setting a
format or other attribute for the cacerts file. Still using the default
keystore password as well.
Thanks for any help in advance,
----
Allan Axon
Delivery Services, Enterprise Applications and GIS Manager
Information Technology Services
NC Department of Environmental Quality
919-707-8913
----
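
Added example, not part of the original message and not CAS or ldaptive code: the trace above ends in ldaptive's X509CertificatesCredentialReader calling CertificateFactory.generateCertificate, which parses PEM or DER certificates, whereas the JDK's cacerts file is a JKS keystore. The probe below shows how the two readers treat the same bytes; the class name TrustFileProbe, the in-memory sample keystore and its password are constructed for illustration, and a file path given as the first argument is probed instead of the sample.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;

public class TrustFileProbe {
    // Classify a trust file by its leading bytes.
    static String sniff(byte[] b) {
        if (b.length == 0) return "empty file";
        if (b.length >= 4 && (b[0] & 0xff) == 0xFE && (b[1] & 0xff) == 0xED
                && (b[2] & 0xff) == 0xFE && (b[3] & 0xff) == 0xED) return "JKS keystore";
        String head = new String(b, 0, Math.min(b.length, 256), StandardCharsets.US_ASCII);
        if (head.contains("-----BEGIN CERTIFICATE-----")) return "PEM certificate(s)";
        if ((b[0] & 0xff) == 0x30) return "DER data (X.509 certificate or PKCS12 keystore)";
        return "unknown";
    }
    // Same JDK call as in the stack trace: parse the bytes as one X.509 certificate.
    static String asCertificate(byte[] b) {
        try {
            CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(b));
            return "parsed as X.509 certificate";
        } catch (CertificateException e) {
            return "rejected: " + e.getMessage();
        }
    }
    // Load the same bytes as a keystore of the given type ("JKS" or "PKCS12").
    static String asKeyStore(byte[] b, String type, char[] password) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(new ByteArrayInputStream(b), password);
            return "loaded as " + type + ", " + ks.size() + " entries";
        } catch (Exception e) {
            return "rejected as " + type + ": " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();      // constructed sample password
        KeyStore empty = KeyStore.getInstance("JKS"); // constructed sample: empty JKS in memory
        empty.load(null, pw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        byte[] data = args.length > 0 ? Files.readAllBytes(Paths.get(args[0])) : out.toByteArray();
        System.out.println("format:         " + sniff(data));
        System.out.println("as certificate: " + asCertificate(data));
        System.out.println("as JKS:         " + asKeyStore(data, "JKS", pw));
    }
}
```

For a trust file in keystore format, ldaptive provides KeyStoreCredentialConfig, which takes a trustStore path together with trustStorePassword and trustStoreType.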