See this also: https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
On Monday, April 17, 2017 at 10:31:58 AM UTC-6, bobbintb wrote: > > I got past that error by exporting the cert and importing it into my main > Java keystore: > > > http://stackoverflow.com/questions/13123083/cas-sslhandshakeexception-validatorexception-pkix-path-building-failed-u > > On Monday, April 17, 2017 at 9:12:42 AM UTC-6, Michael McDermott wrote: >> >> I had a very similar issue. I got part-way around it by generating a new >> certificate with a CN of localhost (c.f. >> http://java.globinch.com/enterprise-java/security/fix-java-security-certificate-exception-no-matching-localhost-found/#Certificate-CN-Name). >> >> I say part way because I now get an "PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target" exception. >> >> On Friday, April 14, 2017 at 12:39:10 PM UTC-5, bobbintb wrote: >>> >>> I got CAS 5 and the management webapp deployed but when I try to log >>> into the management webapp it fails. I get redirected to CAS and login and >>> then my browser gives me an "ERR_TOO_MANY_REDIRECTS". Catalina.out give >>> me this error: >>> >>> >>> ERROR [org.springframework.boot.web.support.ErrorPageFilter] - >>> <Forwarding to error page from request [/callback] due to exception >>> [javax.net.ssl.SSLHandshakeException: >>> java.security.cert.CertificateException: No name matching localhost found]> >>> >>> I don't really know much about certificates. I quickly set up a self >>> signed one to get CAS working following a guide. I used this command to do >>> so: >>> >>> keytool -genkey -alias tomcat -keyalg RSA -keystore CASkeystore >>> >>> and then edited Tomcat's server.xml file with this: >>> >>> <Connector port="8443" >>> protocol="org.apache.coyote.http11.Http11Protocol" >>> maxThreads="150" SSLEnabled="true" scheme="https" >>> secure="true" >>> clientAuth="false" sslProtocol="TLS" >>> keyAlias="tomcat" >>> keystoreFile="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el6_8.x86_64/jre/lib/security/CASkeystore" >>> keystorePass="******************" /> >>> >>> That got CAS working but I don't know enough about certs to know what I >>> need to do to get the management app to trust CAS. Any advice is >>> appreciated. >>> >> -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/89ffbf1c-2c6b-48ce-88e4-6d6812413168%40apereo.org.
