java.io.IOException: HTTPS hostname wrong
Scott Battaglia
scott.battaglia at gmail.com
Tue Sep 11 22:56:27 EDT 2007
Ross,
When you created your certificates via the keytool, what did you choose as
the CN?
-Scott
On 9/11/07, Ross Bleakney <rossbleakney at hotmail.com> wrote:
>
> I'm trying to get the CAS server working with the CASFilter on a tomcat
> installation. I configured the server, called gammel1.devqa, to use SSL
> (via keytool). I created the certificates and put them in my client site
> (following directions in
> http://blogs.sun.com/andreas/entry/no_more_unable_to_find). When I try
> to go to http://localhost:8080/casSample/index.html, I get redirected to
>
> https://gammel1.devqa:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2FcasSample%2Findex.html%3F
>
> then back to
>
> http://localhost:8080/casSample/index.html?&ticket=ST-4-ugNfcdPhkdO2rbNAlZR10HzV4mWwD11Io67-20
>
> I then get a failure message:
>
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
> ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://gammel1.devqa:8443/cas/serviceValidate]
> ticket=[ST-4-ugNfcdPhkdO2rbNAlZR10HzV4mWwD11Io67-20]
> service=[http%3A%2F%2Flocalhost%3A8080%2FcasSample%2Findex.html]
> renew=false]]]
>
> In the logs, I get the dreaded:
>
> Caused by: java.io.IOException: HTTPS hostname wrong: should be <gammel1.devqa>
>     at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
>
> Here is the web.xml on my client:
>
> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>                              http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>          version="2.4">
>   <filter>
>     <filter-name>CAS Filter</filter-name>
>     <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
>     <init-param>
>       <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
>       <param-value>https://gammel1.devqa:8443/cas/login</param-value>
>     </init-param>
>     <init-param>
>       <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
>       <param-value>https://gammel1.devqa:8443/cas/serviceValidate</param-value>
>     </init-param>
>     <init-param>
>       <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
>       <param-value>localhost:8080</param-value>
>     </init-param>
>   </filter>
>   <servlet>
>     <servlet-name>TestServlet</servlet-name>
>     <servlet-class>com.TestServlet</servlet-class>
>   </servlet>
>   <servlet-mapping>
>     <servlet-name>TestServlet</servlet-name>
>     <url-pattern>/*</url-pattern>
>   </servlet-mapping>
>   <filter-mapping>
>     <filter-name>CAS Filter</filter-name>
>     <url-pattern>/*</url-pattern>
>   </filter-mapping>
> </web-app>
>
> Here is the server.xml on the server (gammel1.devqa):
>
> <Server port="8005" shutdown="SHUTDOWN">
>   <GlobalNamingResources>
>     <!-- Used by Manager webapp -->
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>
>   <Service name="Catalina">
>     <Connector port="8080" minSpareThreads="5" maxThreads="100"
>                enableLookups="false" acceptCount="10" debug="0"
>                connectionTimeout="20000"/>
>
>     <!-- This is here for compatibility only, not required -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>     <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS"
>                keystoreFile="/usr/java/jre1.5.0_10/lib/security/cacerts"
>     />
>
>     <Engine name="Catalina" defaultHost="localhost">
>       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="UserDatabase" />
>       <Host name="localhost" appBase="webapps" >
>         <Valve className="org.apache.catalina.valves.AccessLogValve"
>                directory="logs" prefix="localhost_access_log." suffix=".txt"
>                pattern="common" resolveHosts="false"/>
>         <Logger className="org.apache.catalina.logger.FileLogger"
>                 directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
>         <Context path="/alEJPStatic" appBase=""
>                  docBase="ROOT/static" debug="99" reloadable="true">
>         </Context>
>       </Host>
>     </Engine>
>   </Service>
> </Server>
>
>
> Sorry for the long post. I figured most of this is relevant though. Feel
> free to snip when you reply. I have spent a lot of time looking at
> previous messages, but I can't seem to fix this. Help is appreciated.
> Thanks,
> Ross
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
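
The question about the CN can be answered directly from the keystore. The following is an added example, not code from this thread or from the CAS client: it lists the names each certificate in a keystore presents and compares them with the host in the CAS validateUrl, using dNSName subject alternative names when present and the subject CN otherwise. The class name `CertNameCheck` and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added diagnostic, not CAS client code. Usage (arguments are assumptions):
//   java CertNameCheck <keystore> <storepass> https://gammel1.devqa:8443/cas/serviceValidate
public class CertNameCheck {
    // Names compared with the URL host: dNSName SAN entries if the
    // certificate has any, otherwise the CN of the subject.
    static List<String> presentedNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null)
            for (List<?> san : sans)
                if (((Integer) san.get(0)) == 2) names.add((String) san.get(1)); // 2 = dNSName
        if (!names.isEmpty()) return names;
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if (rdn.getType().equalsIgnoreCase("CN")) names.add(rdn.getValue().toString());
        return names;
    }

    // Exact match, or a wildcard that covers only the leftmost label.
    static boolean matches(String host, String name) {
        if (name.startsWith("*.")) {
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot).equalsIgnoreCase(name.substring(1));
        }
        return host.equalsIgnoreCase(name);
    }

    public static void main(String[] args) throws Exception {
        String host = new URI(args[2]).getHost(); // host the client expects in the certificate
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            for (String name : presentedNames((X509Certificate) ks.getCertificate(alias)))
                System.out.printf("%-20s %-30s %s%n", alias, name,
                        matches(host, name) ? "MATCH" : "no match for " + host);
        }
    }
}
```

keytool takes the CN from its "What is your first and last name?" prompt, so an alias whose only name is a person's name rather than the server's hostname shows up here as "no match".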