javax.servlet.ServletException: sun.security.validator.ValidatorException:N o trusted certificate found

Noel Sebastien (BIL) Sebastien.Noel at dexia-bil.com
Fri Aug 11 13:05:52 EDT 2006 

Thank you.
A strange thing is that my client JVM and my server JVM are the same since I am running on the same tomcat 2 webapp (client and the CAS server). Anyway
I was sure I already imported my certificat into the cacert file of the JVM. But I redo it (using an old pure copy of the cacert file), and it seems to pass until the "HTTPS hostname wrong:  should be <localhost>" exception occurs.
Searching the internet, it seems that it is related to the misinstallation of the certificate..
But what can I do to check the install ? I promise I follow the steps.
Any tool to detect twhich step was wrong ? Any suggestion ?
Thanks


-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: vendredi 11 août 2006 15:07
To: Yale CAS mailing list
Subject: Re: javax.servlet.ServletException: sun.security.validator.ValidatorException:N o trusted certificate found

Take a look at:
http://www.ja-sig.org/products/cas/server/ssl/index.html

It looks like your client application's JVM doesn't trust your CAS server's certificate and it needs to be added to the JVM's cacerts file.

-Scott

Noel Sebastien (BIL) wrote:
> I am newbie to CAS. I am using CAS 3 on Tomcat 5 under Eclipse
> (MyEclipse) with Java sdk 1.4.2_02.
> It works fine until I type the password to the CAS login page, then it 
> redirect to the service caller (https:...) and display the following 
> error :
>
> javax.servlet.ServletException:
> sun.security.validator.ValidatorException: No trusted certificate 
> found
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFi
> lt
> er.java:254)
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:18
> 4)
> root cause
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
> 	com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> 	
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> 	sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
> 	
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
> Da
> shoA6275)
> 	
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
> ec
> tion.java:617)
> 	
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Dasho
> A6
> 275)
> 	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
> 	
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTick
> et
> Validator.java:212)
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFi
> lt
> er.java:219)
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:18
> 4) note The full stack trace of the root cause is available in the 
> Apache
> Tomcat/5.0.28 logs.
>
>
> Searching the archive I am reviving an old thread ending having the 
> SAME explanation but with no solution 
> (http://tp.its.yale.edu/pipermail/cas/2005-May/001241.html ) besides 
> this thread says a possible way is to look at the link 
> http://jasigch.princeton.edu:9000/display/CAS/Solving+SSL+issues
> But this is a broken link.. Has anyone the solution please ?
> I am not sure to understand what is wrong. SSL in the web browser ? 
> SSL certificate in Tomcat ? Other ?
>
> Thank you in advance,
>
>
> ---------------------
> An electronic message is not binding on its sender.
> Any message referring to a binding engagement must be confirmed in writing and duly signed.
> ---------------------
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>   
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

---------------------
An electronic message is not binding on its sender.
Any message referring to a binding engagement must be confirmed in writing and duly signed.
---------------------


---------------------
An electronic message is not binding on its sender.
Any message referring to a binding engagement must be confirmed in writing and duly signed.
---------------------

More information about the cas mailing list