CAS(SSO) tomcat ssl 配置出错 PKIX path building failed,该怎么处理
日期:2014-05-17 浏览次数:20738 次
CAS(SSO) tomcat ssl 配置出错 PKIX path building failed
项目中要用到YALE 的CAS,
Server端 Tomcat
https://localhost:8443/cas/login 输入nike/nike 提示登录成功
Client端,也是在同一台机器的tomcat下
http://localhost:8080/MyTest/index.jsp页面会出现安全提示警告,确认后跳转到https://localhost:8443/cas/login
输入nike/nike,返回错误提示
下面是我证书生成的过程
项目中要用到YALE 的CAS,
Server端 Tomcat
https://localhost:8443/cas/login 输入nike/nike 提示登录成功
Client端,也是在同一台机器的tomcat下
http://localhost:8080/MyTest/index.jsp页面会出现安全提示警告,确认后跳转到https://localhost:8443/cas/login
输入nike/nike,返回错误提示
- Java code
exception javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184) root cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
下面是我证书生成的过程
- Java code
D:\Tomcat 5.5>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password: changeit
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: dev
What is the name of your organization?
[Unknown]: ghl
What is the name of your City or Locality?
[Unknown]: sz
What is the name of your State or Province?
[Unknown]: js
What is the two-letter country code for this unit?
[Unknown]: ch
Is CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch correct?
[no]: y
D:\Tomcat 5.5>keytool -export -ali
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
