SSL Problems? IP x DNS -> Localhost

Thu Aug 31 15:56:01 EDT 2006

I have problens in the last (5) command: keytool error:
java.lang.Exception: Certificate not imported, alias <mykey> already
exists.

Obs: I understand "server.crt" like "%FILE_NAME%", am I right?

1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit

2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
-file %FILE_NAME%

4)JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit -keystore 5)
JAVA_HOME/jre/lib/security/cacerts

5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
JAVA_HOME\jre\lib\security\cacerts

Obs: This link is equal to a pdf in the site.

Thanks in advance again.
Paulo

On 8/31/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> This may assist you...
> http://www.ja-sig.org/products/cas/server/ssl/index.html
>
>
> -Scott
>
> On 8/31/06, Paulo Cheque <paulocheque at gmail.com> wrote:
> > HMmmmm, I've created but I don't know if i add ir to the cacerts in my
> > JVM, I will try it. And I will configure CN properly this time.
> >
> > Thanks you Scott, quick answer!
> >
> > On 8/31/06, Scott Battaglia < scott.battaglia at gmail.com> wrote:
> > > Paulo,
> > >
> > > A couple questions.  Did you generate the certificate yourself? If so,
> did
> > > you add it to the cacerts file in your JVM?  Second, what did you use as
> the
> > > CN name?   It should be the name of your hostname (i.e. localhost).
> > >
> > > -Scott
> > >
> > >
> > > On 8/31/06, Paulo Cheque <paulocheque at gmail.com> wrote:
> > > >
> > >  Hi, I am trying to start use CAS with Tomcat 5.5.x.
> > >
> > > - I create a AuthenticationHandler that implements
> > > AuthenticationHandler interface.
> > > - I have configured deployerConfigContext.xml to find my implementation.
> > > - Make a war file and deploy it.
> > >
> > > When I put a valid login throw that exceptions above.
> > > I am thinking the reason is "Certificate for IP" because I am working
> > > with localhost and certificated has problens with IP. Am I rigth?
> > >
> > > Is there any mode to test my CAS with localhost?
> > >
> > > Thanks in advance!
> > > Paulo
> > >
> > > edu.yale.its.tp.cas.client.CASAuthenticationException :
> > > Unable to
> > > validate ProxyTicketValidator
> > > [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > > proxyList=[null]
> > > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > casValidateUrl=[
> https://localhost:8443/cas/serviceValidate]
> > > ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
> > > service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
> > > renew=false]]]
> > >
> > > Caused by: javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException: PKIX path
> > > building failed:
> > >
> sun.security.provider.certpath.SunCertPathBuilderException
> > > : unable to
> > > find valid certification path to requested target
> > >
> > > Caused by: sun.security.validator.ValidatorException:
> PKIX
> > > path
> > > building failed:
> > >
> sun.security.provider.certpath.SunCertPathBuilderException
> :
> > > unable to
> > > find valid certification path to requested target
> > >
> > > Caused by:
> > >
> sun.security.provider.certpath.SunCertPathBuilderException:
> > > unable to find valid certification path to requested target
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>