jssecacerts

[Geoffrey Ritchey]

This is from some Sun on-line documentation:

 

Install a JSSE-specific cacerts file, if desired 

When creating a TrustManager, Sun's JSSE implementation will first check
for an alternate cacert file before falling back on the standard cacerts
file, so that you can provide a JSSE-specific set of trusted root
certificates separate from ones that might be present in cacerts for
code signing purposes. 

The search order for the locating the trust store is: 

1) <java-home>/lib/security/jssecacerts, then 
2) <java-home>/lib/security/cacerts 

If the file jssecacerts exists, then cacerts is not consulted.

 

When following CAS instructions, adding a certificate to cacerts does
nothing if a jssecacerts file exists.

 

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Geoffrey Ritchey
Sent: Tuesday, June 12, 2007 11:57 AM
To: Yale CAS mailing list
Subject: RE: jssecacerts

 

It doesn't talk about the jssecerts file at all, just the cacerts file.
If there was some warning to check for its existence, I think that would
be helpful.

 

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Scott Battaglia
Sent: Tuesday, June 12, 2007 11:46 AM
To: Yale CAS mailing list
Subject: Re: jssecacerts

 

Geoffrey,

I'm not sure where it stated in the CAS documentation to use a
"jssecerts" file.  If I (or anyone) sees it in the wiki anywhere, we'll
correct it. 

Thanks
-Scott

On 6/12/07, Geoffrey Ritchey <ritcheyg at wbu.edu> wrote:



I recently revisited setting up CAS.  I thought it would be easy since
I've done it in the past, but it took me a couple days to figure out why
I was getting

"PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException : unable to
find valid certification path to requested target"

It finally turned out that during past experimentation on my test
machine, I had created a 'jssecacerts' file, which takes precedence over

a 'cacerts' file.  It may be helpful to include that information in the
installation documentation.  I did not see it in the documentation I was
using.


_______________________________________________ 
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas




-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070612/9447d594/attachment.html