SSL Problems? IP x DNS -> Localhost

Paulo Cheque paulocheque at gmail.com
Fri Sep 1 07:57:29 EDT 2006 

Is there another possibilities of my problem? I am sending my code:

<bean class="my.package.AaaAaaAuthenticationHandler" />

public boolean authenticate(Credentials credentials) throws
AuthenticationException {
   return true;
}

public boolean supports(Credentials credentials) {
   return true;
}


Thanks in advance =(

On 9/1/06, Paulo Cheque <paulocheque at gmail.com> wrote:
> I've tried, but I got the same error =(
>
>
>
> edu.yale.its.tp.cas.client.CASAuthenticationException :
>  Unable to  validate ProxyTicketValidator
>  [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>  proxyList=[null]
>
>  [edu.yale.its.tp.cas.client.ServiceTicketValidator
> asValidateUrl=[ https://localhost:8443/cas/serviceValidate]
> ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
>  service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
>  renew=false]]]
>
>  Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX
> path building failed: sun.security.provider.certpath.SunCertPathBuilderException
> : unable to find valid certification path to requested target
>
> Caused by: sun.security.validator.ValidatorException:
> PKIX path building failed:
>
>
> sun.security.provider.certpath.SunCertPathBuilderException
> :unable to find valid certification path to requested target
>
>
>
>
>
>
> On 8/31/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > You only need to import it once. The second one doesn't matter.  Try using
> > CAS and the client now.
> >
> >
> > -Scott
> >
> > On 8/31/06, Paulo Cheque < paulocheque at gmail.com> wrote:
> > > I am still getting the same error =(
> > >
> > >
> > ______________________________________________________________
> > > Example:
> > > JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit -keystore
> > > JAVA_HOME/jre/lib/security/cacerts
> > >
> > > keytool -import -file server.crt -keypass changeit -keystore
> > > c:/Program\ Files\
> > \(x86\)/Java/jre1.5.0_06/lib/security/cacerts
> > >
> > > Obs: I understand "server.crt" like "%FILE_NAME%", am I right?
> > >
> > ______________________________________________________________
> > >
> > > I am going to tell you my actions:
> > >
> > > 1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
> > >
> > >        Done
> > >
> > > 2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg
> > RSA
> > >
> > >        CN=localhost, OU=AAA, O=Aaaaaaa, L=Aaa Aaaaa, ST=Aaaaa, C=AA
> > >
> > > 3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
> > > -file %FILE_NAME%
> > >
> > >        Certificate stored in file server.crt
> > >
> > > 4) JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> > -keystore 5)
> > > JAVA_HOME/jre/lib/security/cacerts
> > >
> > >        Certificate was added to keystore
> > >
> > > 5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
> > > JAVA_HOME\jre\lib\security\cacerts
> > >
> > >        keytool error: java.lang.Exception: Certificate not imported,
> > > alias <mykey> already exists.
> > >
> > ______________________________________________________________
> > >
> > >
> > > Thanks in advance
> > > Paulo
> > >
> > ______________________________________________________________
> > >
> > > On 8/31/06, Paulo Cheque < paulocheque at gmail.com> wrote:
> > > > I have problens in the last (5) command: keytool error:
> > > > java.lang.Exception: Certificate not imported, alias <mykey> already
> > > > exists.
> > > >
> > > > Obs: I understand " server.crt" like "%FILE_NAME%", am I right?
> > > >
> > > >
> > > > 1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
> > > >
> > > > 2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg
> > RSA
> > > >
> > > > 3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
> > > > -file %FILE_NAME%
> > > >
> > > > 4)JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> > -keystore 5)
> > > > JAVA_HOME/jre/lib/security/cacerts
> > > >
> > > > 5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
> > > > JAVA_HOME\jre\lib\security\cacerts
> > > >
> > > > Obs: This link is equal to a pdf in the site.
> > > >
> > > > Thanks in advance again.
> > > > Paulo
> > > >
> > > > On 8/31/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > > > This may assist you...
> > > > >
> > http://www.ja-sig.org/products/cas/server/ssl/index.html
> > > > >
> > > > >
> > > > > -Scott
> > > > >
> > > > > On 8/31/06, Paulo Cheque <paulocheque at gmail.com > wrote:
> > > > > > HMmmmm, I've created but I don't know if i add ir to the cacerts in
> > my
> > > > > > JVM, I will try it. And I will configure CN properly this time.
> > > > > >
> > > > > > Thanks you Scott, quick answer!
> > > > > >
> > > > > > On 8/31/06, Scott Battaglia < scott.battaglia at gmail.com> wrote:
> > > > > > > Paulo,
> > > > > > >
> > > > > > > A couple questions.  Did you generate the certificate yourself? If
> > so,
> > > > > did
> > > > > > > you add it to the cacerts file in your JVM?  Second, what did you
> > use as
> > > > > the
> > > > > > > CN name?   It should be the name of your hostname (i.e.
> > localhost).
> > > > > > >
> > > > > > > -Scott
> > > > > > >
> > > > > > >
> > > > > > > On 8/31/06, Paulo Cheque <paulocheque at gmail.com> wrote:
> > > > > > > >
> > > > > > >  Hi, I am trying to start use CAS with Tomcat 5.5.x.
> > > > > > >
> > > > > > > - I create a AuthenticationHandler that implements
> > > > > > > AuthenticationHandler interface.
> > > > > > > - I have configured deployerConfigContext.xml to find my
> > implementation.
> > > > > > > - Make a war file and deploy it.
> > > > > > >
> > > > > > > When I put a valid login throw that exceptions above.
> > > > > > > I am thinking the reason is "Certificate for IP" because I am
> > working
> > > > > > > with localhost and certificated has problens with IP. Am I rigth?
> > > > > > >
> > > > > > > Is there any mode to test my CAS with localhost?
> > > > > > >
> > > > > > > Thanks in advance!
> > > > > > > Paulo
> > > > > > >
> > > > > > >
> > edu.yale.its.tp.cas.client.CASAuthenticationException :
> > > > > > > Unable to
> > > > > > > validate ProxyTicketValidator
> > > > > > > [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > > > > > > proxyList=[null]
> > > > > > >
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > > > > > casValidateUrl=[
> > > > > https://localhost:8443/cas/serviceValidate]
> > > > > > >
> > ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
> > > > > > >
> > service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
> > > > > > > renew=false]]]
> > > > > > >
> > > > > > > Caused by: javax.net.ssl.SSLHandshakeException:
> > > > > > > sun.security.validator.ValidatorException: PKIX
> > path
> > > > > > > building failed:
> > > > > > >
> > > > >
> > sun.security.provider.certpath.SunCertPathBuilderException
> > > > > > > : unable to
> > > > > > > find valid certification path to requested target
> > > > > > >
> > > > > > > Caused by:
> > sun.security.validator.ValidatorException:
> > > > > PKIX
> > > > > > > path
> > > > > > > building failed:
> > > > > > >
> > > > >
> > sun.security.provider.certpath.SunCertPathBuilderException
> > > > > :
> > > > > > > unable to
> > > > > > > find valid certification path to requested target
> > > > > > >
> > > > > > > Caused by:
> > > > > > >
> > > > >
> > sun.security.provider.certpath.SunCertPathBuilderException:
> > > > > > > unable to find valid certification path to requested target
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > cas at tp.its.yale.edu
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > > >
> > > > >
> > > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
>

More information about the cas mailing list