Thank you very much for your help. In my situation the probleme was that i' ve generate a bad certificate.
When the java keytool ask me the question "what' s your name" i need to set this value with the name of my server (in my case with "localhost") and not MY name ;) So now all woks fine. On 3/10/06, Bill Barker <[EMAIL PROTECTED]> wrote: > > Yawn, set truststoreFile="/path/to/keystore/file" on the <Connector /> > element. > > In most cases, the truststore and keystore are different authorities, so > there is no good reason for Tomcat to default them to being the same. > > "David Avenante" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > Hi, > > I' m use CAS for SSO solution. > I' ve create a certifiacte for my tomcat and deployed my two applications > (CAS server AND client) on the same Tomcat with certificate. > > When i go to my client application i' m redirecte (in https mode) to the > CAS > server login page with aknowledge of my certificate in the browser. > So all seem OK but after authentification, the CAS protocol callback me to > my client who (my client) query the cas server for validation. > > And this call Fail with : > > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > ... > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > ... > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > > So after many time on the net the probleme seems to be identified as : > > "for some reason the web server keystore does not trust the HTTPS > certificate presented by the CAS server" > > But my client and my server are on the same tomcat !!!! > > Thank you for any help ;) > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
