亚洲国产高清视频,91成人精品网站,蜜桃视频一区二区三区在线观看

Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target

edu.yale.its.tp.cas.client.CASAuthenticationException:?Unable?to?validate?ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator?proxyList = [ null ]
[edu.yale.its.tp.cas.client.ServiceTicketValidator?casValidateUrl =
[https: // sourcesite:8443/cas/proxyValidate]?ticket=[ST-0-UMjsI0YOhF15RhutnkHW]
service=[http%3A%2F%2Fdestsite%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample]
renew=false]]]
????at?edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java: 52 )
????at?edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java: 455 )
????at?edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java: 378 )
????at?org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202 )
????at?org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java: 173 )
????at?filters.ExampleFilter.doFilter(ExampleFilter.java: 101 )
????at?org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java: 202 )
????at?org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java: 173 )
????at?org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java: 213 )
????at?org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java: 178 )
????at?org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java: 432 )
????at?org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java: 126 )
????at?org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java: 105 )
????at?org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java: 107 )
????at?org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java: 148 )
????at?org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: 869 )
????at?org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java: 664 )
????at?org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java: 527 )
????at?org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java: 80 )
????at?org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java: 684 )
????at?java.lang.Thread.run(Thread.java: 595 )
Caused?by:?javax.net.ssl.SSLHandshakeException:?sun.security.validator.ValidatorException:?PKIX?path?building?failed:
sun.security.provider.certpath.SunCertPathBuilderException:?unable?to?find?valid?certification?path?to?requested?target
????at?com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java: 150 )
????at?com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java: 1476 )
????at?com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java: 174 )
????at?com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java: 168 )
????at?com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 843 )
????at?com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java: 106 )
????at?com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java: 495 )
????at?com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java: 433 )
????at?com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 815 )
????at?com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java: 1025 )
????at?com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java: 1038 )
????at?sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java: 405 )
????at?sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java: 170 )
????at?sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java: 905 )
????at?sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java: 234 )
????at?edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java: 84 )
????at?edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java: 212 )
????at?edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java: 50 )
????

? 20 ?more
Caused?by:?sun.security.validator.ValidatorException:
PKIX?path?building?failed:?sun.security.provider.certpath.SunCertPathBuilderException:
?unable?to?find?valid?certification?path?to?requested?target
????at?sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 221 )
????at?sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java: 145 )
????at?sun.security.validator.Validator.validate(Validator.java: 203 )
????at?com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java: 172 )
????at?com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java: 320 )
????at?com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java: 836 )
????

? 33 ?more
Caused?by:?sun.security.provider.certpath.SunCertPathBuilderException:?unable?to?find?valid?certification?path?to?requested?target
????at?sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java: 236 )
????at?java.security.cert.CertPathBuilder.build(CertPathBuilder.java: 194 )
????at?sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java: 216 )
????

? 38 ?more

這個原因發(fā)生在：在SSL握手中，CAS Client無法識別CAS Server的證書(X)，即無法建立一條從cacerts信任證書到X的信任路徑，
讀者可以看一個叫做PKIX規(guī)范。解決辦法是檢查tomcat使用的信任證書路徑，通常是jre/lib/security/cacerts文件，看是否已經(jīng)
導入了所需信任證書。

posted on 2006-09-06 09:08 david.turing 閱讀(11352) 評論(5) 編輯收藏所屬分類: Security異常問題

keytool -list -v -keystore D:\jdk1.5.0_06\.keystore

我導入了證書，怎么還是有錯誤啊！

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: tomcat
Creation date: Feb 8, 2007
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=onepoint, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=localhost, OU=onepoint, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 45cad5a6
Valid from: Thu Feb 08 15:47:50 CST 2007 until: Wed May 09 15:47:50 CST 2007
Certificate fingerprints:
MD5: EF:89:D1:5E:0E:59:AC:FB:1A:7C:08:1E:C0:2A:3D:B5
SHA1: 32:59:93:24:06:A9:23:E4:C6:6E:94:D9:09:CA:B6:0A:AC:C2:C9:45

回復更多評論

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target[未登錄] 2007-02-08 20:10 david.turing

This is a trustcert entry but you need to import it into %JAVA_HOME%\jre\lib\security\cacerts where your CAS can't locate it. Make sure you do that, and the password for cacerts has a lot of un-useful trustcert, remove all of them and importyour "tomcat" entry into cacerts(through SecureRCP) 回復更多評論

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target 2007-06-13 11:02 yongyuan.jiang

good~ 回復更多評論

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target 2010-06-26 17:19 zhaoyanh

@yongyuan.jiang
經(jīng)驗總結，需要將CAS服務器的證書文件，不是CRT文件，而是用KEYTOOL生成的數(shù)據(jù)文件拷貝到應用服務器上，用keytool -import 導入到已在應用服務上自己生成的證書文件中（cacerts）,用 -list 命令查看變成了2條，一條是自己的，一條是CAS服務器的，將這個文件拷貝到JVM環(huán)境中，就好用了。回復更多評論

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target[未登錄] 2010-06-30 15:22 墮落佛

@oldman

你看看你是不是顯示聲明了 trustStore的位置，如果是的話，看看那個位置對不對回復更多評論

新用戶注冊刷新評論列表


只有注冊用戶登錄后才能發(fā)表評論。




網(wǎng)站導航: 博客園 IT新聞 Chat2DB C++博客博問管理
相關文章: Tomcat/Weblogic在SSL握手中，IE提交證書窗口為空的問題發(fā)現(xiàn)GDCA USBKey(電子鑰匙)的CSP數(shù)字簽名實現(xiàn)存在缺陷 Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target Yale CAS異常問題總結(1)Unable to validate ProxyTicketValidator之HTTPS hostname wrong: should be..... Certificate chain received from 客戶端- 192.168.10.10 was not trusted causing SSL handshake failure Unexpected Signal : EXCEPTION_ACCESS_VIOLATION javax.security.auth.login.LoginException:沒有為 XXX 配置LoginModules javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target 2007-02-08 15:54 oldman

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target[未登錄] 2007-02-08 20:10 david.turing

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target 2007-06-13 11:02 yongyuan.jiang

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target 2010-06-26 17:19 zhaoyanh

# re: Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target[未登錄] 2010-06-30 15:22 墮落佛

David.Turing's blog

Yale CAS異常問題總結(2)Unable to validate ProxyTicketValidator之unable to find valid certification path to requested target

評論

導航

統(tǒng)計

常用鏈接

留言簿(110)

我參與的團隊

隨筆分類(126)

隨筆檔案(155)

文章分類(9)

文章檔案(19)

相冊

搜索

積分與排名

最新隨筆

最新評論

閱讀排行榜

評論排行榜