I got past that error by exporting the cert and importing it into my main Java keystore:
http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u On Monday, April 17, 2017 at 9:12:42 AM UTC-6, Michael McDermott wrote: > > I had a very similar issue. I got part-way around it by generating a new > certificate with a CN of localhost (c.f. > http://java.globinch.com/enterprise-java/security/fix-java-security-certificate-exception-no-matching-localhost-found/#Certificate-CN-Name). > > I say part way because I now get an "PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target" exception. > > On Friday, April 14, 2017 at 12:39:10 PM UTC-5, bobbintb wrote: >> >> I got CAS 5 and the management webapp deployed but when I try to log into >> the management webapp it fails. I get redirected to CAS and login and then >> my browser gives me an "ERR_TOO_MANY_REDIRECTS". Catalina.out give me >> this error: >> >> >> ERROR [org.springframework.boot.web.support.ErrorPageFilter] - >> <Forwarding to error page from request [/callback] due to exception >> [javax.net.ssl.SSLHandshakeException: >> java.security.cert.CertificateException: No name matching localhost found]> >> >> I don't really know much about certificates. I quickly set up a self >> signed one to get CAS working following a guide. I used this command to do >> so: >> >> keytool -genkey -alias tomcat -keyalg RSA -keystore CASkeystore >> >> and then edited Tomcat's server.xml file with this: >> >> <Connector port="8443" >> protocol="org.apache.coyote.http11.Http11Protocol" >> maxThreads="150" SSLEnabled="true" scheme="https" >> secure="true" >> clientAuth="false" sslProtocol="TLS" >> keyAlias="tomcat" >> keystoreFile="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64/jre/lib/security/CASkeystore" >> keystorePass="******************" /> >> >> That got CAS working but I don't know enough about certs to know what I >> need to do to get the management app to trust CAS. Any advice is >> appreciated. >> > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/dd55733d-4f00-40c2-a0a9-f968ae481c83%40apereo.org.
