javax.servlet.ServletException: sun.security.validator.ValidatorException:N o trusted certificate found

Scott Battaglia scott_battaglia at rutgers.edu
Fri Aug 11 14:22:30 EDT 2006 

When you generate the certificate, where it says enter First and Last 
Name, enter the hostname of the machine (i.e. the hostname you will 
access CAS under).  In your case it seems like it should be localhost.

-Scott

Noel Sebastien (BIL) wrote:
> Thank you.
> A strange thing is that my client JVM and my server JVM are the same since I am running on the same tomcat 2 webapp (client and the CAS server). Anyway
> I was sure I already imported my certificat into the cacert file of the JVM. But I redo it (using an old pure copy of the cacert file), and it seems to pass until the "HTTPS hostname wrong:  should be <localhost>" exception occurs.
> Searching the internet, it seems that it is related to the misinstallation of the certificate..
> But what can I do to check the install ? I promise I follow the steps.
> Any tool to detect twhich step was wrong ? Any suggestion ?
> Thanks
>
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
> Sent: vendredi 11 août 2006 15:07
> To: Yale CAS mailing list
> Subject: Re: javax.servlet.ServletException: sun.security.validator.ValidatorException:N o trusted certificate found
>
> Take a look at:
> http://www.ja-sig.org/products/cas/server/ssl/index.html
>
> It looks like your client application's JVM doesn't trust your CAS server's certificate and it needs to be added to the JVM's cacerts file.
>
> -Scott
>
> Noel Sebastien (BIL) wrote:
>   
>> I am newbie to CAS. I am using CAS 3 on Tomcat 5 under Eclipse
>> (MyEclipse) with Java sdk 1.4.2_02.
>> It works fine until I type the password to the CAS login page, then it 
>> redirect to the service caller (https:...) and display the following 
>> error :
>>
>> javax.servlet.ServletException:
>> sun.security.validator.ValidatorException: No trusted certificate 
>> found
>> 	
>> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFi
>> lt
>> er.java:254)
>> 	
>> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:18
>> 4)
>> root cause
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: No trusted certificate found
>> 	com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
>> 	
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
>> 	sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
>> 	
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
>> Da
>> shoA6275)
>> 	
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn
>> ec
>> tion.java:617)
>> 	
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Dasho
>> A6
>> 275)
>> 	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
>> 	
>> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTick
>> et
>> Validator.java:212)
>> 	
>> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFi
>> lt
>> er.java:219)
>> 	
>> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:18
>> 4) note The full stack trace of the root cause is available in the 
>> Apache
>> Tomcat/5.0.28 logs.
>>
>>
>> Searching the archive I am reviving an old thread ending having the 
>> SAME explanation but with no solution 
>> (http://tp.its.yale.edu/pipermail/cas/2005-May/001241.html ) besides 
>> this thread says a possible way is to look at the link 
>> http://jasigch.princeton.edu:9000/display/CAS/Solving+SSL+issues
>> But this is a broken link.. Has anyone the solution please ?
>> I am not sure to understand what is wrong. SSL in the web browser ? 
>> SSL certificate in Tomcat ? Other ?
>>
>> Thank you in advance,
>>
>>
>> ---------------------
>> An electronic message is not binding on its sender.
>> Any message referring to a binding engagement must be confirmed in writing and duly signed.
>> ---------------------
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>   
>>     
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
> ---------------------
> An electronic message is not binding on its sender.
> Any message referring to a binding engagement must be confirmed in writing and duly signed.
> ---------------------
>
>
> ---------------------
> An electronic message is not binding on its sender.
> Any message referring to a binding engagement must be confirmed in writing and duly signed.
> ---------------------
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>

More information about the cas mailing list