
CAS (SSO) Tomcat SSL configuration error "PKIX path building failed", how should I handle it?

Views: 2493   Posted: 2013-02-25 21:20:52.0
The project needs to use Yale's CAS.

Server side: Tomcat
  At https://localhost:8443/cas/login, entering nike/nike reports a successful login.

Client side: a Tomcat on the same machine
  The page http://localhost:8080/MyTest/index.jsp shows a security warning; after confirming it, it redirects to https://localhost:8443/cas/login
  Entering nike/nike there returns the following error:
Java code
exception
javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
    edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

root cause
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
    edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
    edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
    edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

Here is how I generated the certificate:
Java code
D:\Tomcat 5.5>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  dev
What is the name of your organization?
  [Unknown]:  ghl
What is the name of your City or Locality?
  [Unknown]:  sz
What is the name of your State or Province?
  [Unknown]:  js
What is the two-letter country code for this unit?
  [Unknown]:  ch
Is CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch correct?
  [no]:  y

D:\Tomcat 5.5>keytool -export -alias tomcat -keypass changeit -file server.crt
Enter keystore password:  changeit
Certificate stored in file <server.crt>

D:\Tomcat 5.5>keytool -import -file server.crt -keypass changeit -keystore "D:\Program Files\Java\jdk1.5.0_07\jre\lib\security\cacerts"
Enter keystore password:  changeit
Owner: CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch
Issuer: CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch
Serial number: 4ad6c7b8
Valid from: Thu Oct 15 14:56:56 CST 2009 until: Wed Jan 13 14:56:56 CST 2010
Certificate fingerprints:
     MD5:  B3:94:76:16:3B:42:0D:F0:EB:EF:3F:23:64:05:F9:38
     SHA1: 52:5A:14:38:AB:4D:19:E7:64:2D:E8:51:88:D1:6D:3F:ED:4B:ED:5D
Trust this certificate?  [no]:  yes
Certificate was added to keystore

D:\Tomcat 5.5>

Client configuration (web.xml):
Java code
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
        <init-param>
            <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
            <param-value>https://localhost:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
            <param-value>https://localhost:8443/cas/proxyValidate</param-value>
        </init-param>
        <init-param>
            <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
            <param-value>localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>
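As an added diagnostic (not part of the original post or of the CAS client), the program below asks the JVM's own PKIX trust manager whether the Tomcat certificate validates, which is exactly the check that fails inside ClientHandshaker.serverCertificate in the stack trace. It assumes the keystore written by the `keytool -genkey` step above (with no `-keystore` given, keytool writes `.keystore` in the user's home directory), alias `tomcat` and password `changeit`; the import above went into one specific JDK's `cacerts`, so run this with the same JVM that runs the client Tomcat and compare the printed `java.home` with that path.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Offline check: does the PKIX trust manager of THIS JVM accept the certificate Tomcat
// presents under 'alias'? That is the decision ClientHandshaker.serverCertificate makes
// during the TLS handshake shown in the stack trace.
public class TrustCheck {
    // Load the certificate chain stored under 'alias' in the Tomcat keystore (assumed path).
    static X509Certificate[] serverChain(String ksPath, char[] pw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(ksPath);
        try { ks.load(in, pw); } finally { in.close(); }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null) throw new IllegalArgumentException("no key entry for alias " + alias);
        X509Certificate[] x509 = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) x509[i] = (X509Certificate) chain[i];
        return x509;
    }
    // Validate 'chain' with the PKIX trust manager built over 'trust'; null selects the JVM
    // default (javax.net.ssl.trustStore if set, else <java.home>/lib/security/cacerts).
    // Returns null when the chain is trusted, otherwise the validator's error message.
    static String validate(X509Certificate[] chain, KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trust);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(chain, "RSA");
                return null;
            } catch (CertificateException e) {
                return e.getMessage();   // e.g. "PKIX path building failed: ..."
            }
        }
        throw new IllegalStateException("PKIX factory returned no X509TrustManager");
    }
    // Usage: java TrustCheck <keystore written by keytool -genkey> tomcat
    // Run it with the JVM that runs the client Tomcat: that JVM's cacerts is the one consulted.
    public static void main(String[] args) throws Exception {
        X509Certificate[] chain = serverChain(args[0], "changeit".toCharArray(), args[1]);
        System.out.println("JVM: " + System.getProperty("java.home"));
        String err = validate(chain, null);
        System.out.println(err == null ? "TRUSTED by this JVM" : "NOT TRUSTED: " + err);
    }
}
```

If it prints NOT TRUSTED under the JVM Tomcat uses while the keytool import above succeeded, the certificate was imported into a different installation's cacerts than the one the client actually consults.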