javax.servlet.ServletException: sun.security.validator.ValidatorException:No trusted certificate found

Varadarajan, Shivarajan SVaradarajan at classmates.com
Fri Aug 11 13:26:10 EDT 2006 

I think one issue freq. many CAS users hits upon will get resolved if we make sure, we give proper hostname (whichever is used to access the server) than the IP address or some random names (like persons firstname/lastname) while we generate certs/keystores. I have seen problems in past when name is not the hostname (may or not be fully qualified domain name)


Thanks,
Shiva

-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]On
Behalf Of Noel Sebastien (BIL)
Sent: Friday, August 11, 2006 10:06 AM
To: Yale CAS mailing list
Subject: RE:javax.servlet.ServletException:
sun.security.validator.ValidatorException:No trusted certificate found


Thank you.
A strange thing is that my client JVM and my server JVM are the same since I am running on the same tomcat 2 webapp (client and the CAS server). Anyway
I was sure I already imported my certificat into the cacert file of the JVM. But I redo it (using an old pure copy of the cacert file), and it seems to pass until the "HTTPS hostname wrong:  should be <localhost>" exception occurs.
Searching the internet, it seems that it is related to the misinstallation of the certificate..
But what can I do to check the install ? I promise I follow the steps.
Any tool to detect twhich step was wrong ? Any suggestion ?
Thanks


-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: vendredi 11 août 2006 15:07
To: Yale CAS mailing list
Subject: Re: javax.servlet.ServletException: sun.security.validator.ValidatorException:N o trusted certificate found

Take a look at:
http://www.ja-sig.org/products/cas/server/ssl/index.html

It looks like your client application's JVM doesn't trust your CAS server's certificate and it needs to be added to the JVM's cacerts file.

-Scott

Noel Sebastien (BIL) wrote:
> I am newbie to CAS. I am using CAS 3 on Tomcat 5 under Eclipse
> (MyEclipse) with Java sdk 1.4.2_02.
> It works fine until I type the password to the CAS login page, then it 
> redirect to the service caller (https:...) and display the following 
> error :
>
> javax.servlet.ServletException:
> sun.security.validator.ValidatorException: No trusted certificate 
> found
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFi
> lt
> er.java:254)
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:18
> 4)
> root cause
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
> 	com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> 	
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> 	sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
> 	
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
> Da
> shoA6275)
> 	
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
> ec
> tion.java:617)
> 	
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Dasho
> A6
> 275)
> 	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
> 	
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTick
> et
> Validator.java:212)
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFi
> lt
> er.java:219)
> 	
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:18
> 4) note The full stack trace of the root cause is available in the 
> Apache
> Tomcat/5.0.28 logs.
>
>
> Searching the archive I am reviving an old thread ending having the 
> SAME explanation but with no solution 
> (http://tp.its.yale.edu/pipermail/cas/2005-May/001241.html ) besides 
> this thread says a possible way is to look at the link 
> http://jasigch.princeton.edu:9000/display/CAS/Solving+SSL+issues
> But this is a broken link.. Has anyone the solution please ?
> I am not sure to understand what is wrong. SSL in the web browser ? 
> SSL certificate in Tomcat ? Other ?
>
> Thank you in advance,
>
>
> ---------------------
> An electronic message is not binding on its sender.
> Any message referring to a binding engagement must be confirmed in writing and duly signed.
> ---------------------
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>   
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

---------------------
An electronic message is not binding on its sender.
Any message referring to a binding engagement must be confirmed in writing and duly signed.
---------------------


---------------------
An electronic message is not binding on its sender.
Any message referring to a binding engagement must be confirmed in writing and duly signed.
---------------------


_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

More information about the cas mailing list