SSL Problems? IP x DNS -> Localhost

Scott Battaglia scott.battaglia at gmail.com
Fri Sep 1 08:17:34 EDT 2006 

The only other thing I can recommend you check off the top of my head is
that if you have multiple JREs installed, make sure you are adding the
certificate to the correct one.

-Scott

On 9/1/06, Paulo Cheque <paulocheque at gmail.com> wrote:
>
> Is there another possibilities of my problem? I am sending my code:
>
> <bean class="my.package.AaaAaaAuthenticationHandler" />
>
> public boolean authenticate(Credentials credentials) throws
> AuthenticationException {
>    return true;
> }
>
> public boolean supports(Credentials credentials) {
>    return true;
> }
>
>
> Thanks in advance =(
>
> On 9/1/06, Paulo Cheque <paulocheque at gmail.com> wrote:
> > I've tried, but I got the same error =(
> >
> >
> >
> > edu.yale.its.tp.cas.client.CASAuthenticationException :
> >  Unable to  validate ProxyTicketValidator
> >  [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >  proxyList=[null]
> >
> >  [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > asValidateUrl=[ https://localhost:8443/cas/serviceValidate]
> > ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
> >  service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
> >  renew=false]]]
> >
> >  Caused by: javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX
> > path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException
> > : unable to find valid certification path to requested target
> >
> > Caused by: sun.security.validator.ValidatorException:
> > PKIX path building failed:
> >
> >
> > sun.security.provider.certpath.SunCertPathBuilderException
> > :unable to find valid certification path to requested target
> >
> >
> >
> >
> >
> >
> > On 8/31/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > You only need to import it once. The second one doesn't matter.  Try
> using
> > > CAS and the client now.
> > >
> > >
> > > -Scott
> > >
> > > On 8/31/06, Paulo Cheque < paulocheque at gmail.com> wrote:
> > > > I am still getting the same error =(
> > > >
> > > >
> > > ______________________________________________________________
> > > > Example:
> > > > JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> -keystore
> > > > JAVA_HOME/jre/lib/security/cacerts
> > > >
> > > > keytool -import -file server.crt -keypass changeit -keystore
> > > > c:/Program\ Files\
> > > \(x86\)/Java/jre1.5.0_06/lib/security/cacerts
> > > >
> > > > Obs: I understand "server.crt" like "%FILE_NAME%", am I right?
> > > >
> > > ______________________________________________________________
> > > >
> > > > I am going to tell you my actions:
> > > >
> > > > 1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
> > > >
> > > >        Done
> > > >
> > > > 2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit
> -keyalg
> > > RSA
> > > >
> > > >        CN=localhost, OU=AAA, O=Aaaaaaa, L=Aaa Aaaaa, ST=Aaaaa, C=AA
> > > >
> > > > 3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
> > > > -file %FILE_NAME%
> > > >
> > > >        Certificate stored in file server.crt
> > > >
> > > > 4) JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> > > -keystore 5)
> > > > JAVA_HOME/jre/lib/security/cacerts
> > > >
> > > >        Certificate was added to keystore
> > > >
> > > > 5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
> > > > JAVA_HOME\jre\lib\security\cacerts
> > > >
> > > >        keytool error: java.lang.Exception: Certificate not imported,
> > > > alias <mykey> already exists.
> > > >
> > > ______________________________________________________________
> > > >
> > > >
> > > > Thanks in advance
> > > > Paulo
> > > >
> > > ______________________________________________________________
> > > >
> > > > On 8/31/06, Paulo Cheque < paulocheque at gmail.com> wrote:
> > > > > I have problens in the last (5) command: keytool error:
> > > > > java.lang.Exception: Certificate not imported, alias <mykey>
> already
> > > > > exists.
> > > > >
> > > > > Obs: I understand " server.crt" like "%FILE_NAME%", am I right?
> > > > >
> > > > >
> > > > > 1) JAVA_HOME\bin\keytool -delete -alias tomcat -keypass changeit
> > > > >
> > > > > 2) JAVA_HOME\bin\keytool -genkey -alias tomcat -keypass changeit
> -keyalg
> > > RSA
> > > > >
> > > > > 3) JAVA_HOME\bin\keytool -export -alias tomcat -keypass changeit
> > > > > -file %FILE_NAME%
> > > > >
> > > > > 4)JAVA_HOME\bin\keytool -import -file server.crt -keypass changeit
> > > -keystore 5)
> > > > > JAVA_HOME/jre/lib/security/cacerts
> > > > >
> > > > > 5)JAVA_HOME\bin\keytool -import -file server.crt -keystore 7)
> > > > > JAVA_HOME\jre\lib\security\cacerts
> > > > >
> > > > > Obs: This link is equal to a pdf in the site.
> > > > >
> > > > > Thanks in advance again.
> > > > > Paulo
> > > > >
> > > > > On 8/31/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > > > > This may assist you...
> > > > > >
> > > http://www.ja-sig.org/products/cas/server/ssl/index.html
> > > > > >
> > > > > >
> > > > > > -Scott
> > > > > >
> > > > > > On 8/31/06, Paulo Cheque <paulocheque at gmail.com > wrote:
> > > > > > > HMmmmm, I've created but I don't know if i add ir to the
> cacerts in
> > > my
> > > > > > > JVM, I will try it. And I will configure CN properly this
> time.
> > > > > > >
> > > > > > > Thanks you Scott, quick answer!
> > > > > > >
> > > > > > > On 8/31/06, Scott Battaglia < scott.battaglia at gmail.com>
> wrote:
> > > > > > > > Paulo,
> > > > > > > >
> > > > > > > > A couple questions.  Did you generate the certificate
> yourself? If
> > > so,
> > > > > > did
> > > > > > > > you add it to the cacerts file in your JVM?  Second, what
> did you
> > > use as
> > > > > > the
> > > > > > > > CN name?   It should be the name of your hostname (i.e.
> > > localhost).
> > > > > > > >
> > > > > > > > -Scott
> > > > > > > >
> > > > > > > >
> > > > > > > > On 8/31/06, Paulo Cheque <paulocheque at gmail.com> wrote:
> > > > > > > > >
> > > > > > > >  Hi, I am trying to start use CAS with Tomcat 5.5.x.
> > > > > > > >
> > > > > > > > - I create a AuthenticationHandler that implements
> > > > > > > > AuthenticationHandler interface.
> > > > > > > > - I have configured deployerConfigContext.xml to find my
> > > implementation.
> > > > > > > > - Make a war file and deploy it.
> > > > > > > >
> > > > > > > > When I put a valid login throw that exceptions above.
> > > > > > > > I am thinking the reason is "Certificate for IP" because I
> am
> > > working
> > > > > > > > with localhost and certificated has problens with IP. Am I
> rigth?
> > > > > > > >
> > > > > > > > Is there any mode to test my CAS with localhost?
> > > > > > > >
> > > > > > > > Thanks in advance!
> > > > > > > > Paulo
> > > > > > > >
> > > > > > > >
> > > edu.yale.its.tp.cas.client.CASAuthenticationException :
> > > > > > > > Unable to
> > > > > > > > validate ProxyTicketValidator
> > > > > > > > [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > > > > > > > proxyList=[null]
> > > > > > > >
> > > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > > > > > > casValidateUrl=[
> > > > > > https://localhost:8443/cas/serviceValidate]
> > > > > > > >
> > > ticket=[ST-2-LhYi2UnrIo2L6yrAhx2Ctf4vqJLrmV76Whp-20]
> > > > > > > >
> > > service=[http%3A%2F%2Flocalhost%3A8080%2FNovoFenix]
> > > > > > > > renew=false]]]
> > > > > > > >
> > > > > > > > Caused by: javax.net.ssl.SSLHandshakeException:
> > > > > > > > sun.security.validator.ValidatorException: PKIX
> > > path
> > > > > > > > building failed:
> > > > > > > >
> > > > > >
> > > sun.security.provider.certpath.SunCertPathBuilderException
> > > > > > > > : unable to
> > > > > > > > find valid certification path to requested target
> > > > > > > >
> > > > > > > > Caused by:
> > > sun.security.validator.ValidatorException:
> > > > > > PKIX
> > > > > > > > path
> > > > > > > > building failed:
> > > > > > > >
> > > > > >
> > > sun.security.provider.certpath.SunCertPathBuilderException
> > > > > > :
> > > > > > > > unable to
> > > > > > > > find valid certification path to requested target
> > > > > > > >
> > > > > > > > Caused by:
> > > > > > > >
> > > > > >
> > > sun.security.provider.certpath.SunCertPathBuilderException:
> > > > > > > > unable to find valid certification path to requested target
> > > > > > > > _______________________________________________
> > > > > > > > Yale CAS mailing list
> > > > > > > > cas at tp.its.yale.edu
> > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Yale CAS mailing list
> > > > > > > > cas at tp.its.yale.edu
> > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> >
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060901/9607fded/attachment.html

More information about the cas mailing list