I immediately ran into problems with the following error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This error occurred because the certificate being referenced was not in my JRE's keystore. I was able to resolve it by following the procedure at the dreamingthings blog.
I was not through yet. I then got this error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
This error arose since I was using the IP address of the server in the CAS authentication URL. While I had used the IP for the Common Name (CN) entry while generating the certificate, this Sun forum answer by user ejp discourages that.
I finally regenerated the self-signed certificate, making sure that I used the hostname for the CN entry. There were no more errors after that :)
My next post should be on getting ZK to show the CAS username saved in the session.
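The name check behind the second error can be reproduced offline against the certificate file. The following is an added example, not code from the original post: the class name SanCheck and its helper methods are hypothetical, and it mirrors the default JSSE HTTPS endpoint check only for exact matches (IP literals are compared to iPAddress SAN entries and never to the CN; host names fall back to the CN only when the certificate has no dNSName SAN).

```java
import java.io.*;
import java.security.cert.*;
import java.util.*;
import javax.naming.ldap.*;

// Added example (not from the original post). Usage:
//   java SanCheck <cert.pem|cert.der> <host-or-IP-from-the-CAS-URL>
public class SanCheck {
    static final int DNS_NAME = 2, IP_ADDRESS = 7; // GeneralName tags (RFC 5280)

    // True when a SAN of the given type equals the target. Exact comparison only:
    // wildcard dNSName entries and alternate IPv6 spellings are not evaluated.
    static boolean hasSan(Collection<List<?>> sans, int type, String target) {
        for (List<?> san : sans)
            if ((Integer) san.get(0) == type && target.equalsIgnoreCase(String.valueOf(san.get(1))))
                return true;
        return false;
    }
    // Extracts the CN from the subject DN, or null when the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if (rdn.getType().equalsIgnoreCase("CN")) return String.valueOf(rdn.getValue());
        return null;
    }
    static String verdict(X509Certificate cert, String target) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if extension absent
        boolean isIp = target.matches("\\d{1,3}(\\.\\d{1,3}){3}") || target.contains(":");
        if (isIp) { // IP literals are matched against iPAddress SANs only, never the CN
            if (sans == null) return "FAIL: No subject alternative names present";
            return hasSan(sans, IP_ADDRESS, target) ? "OK: iPAddress SAN matches"
                                                    : "FAIL: no iPAddress SAN equals " + target;
        }
        boolean anyDns = sans != null && sans.stream().anyMatch(s -> (Integer) s.get(0) == DNS_NAME);
        if (anyDns) // once a dNSName SAN exists, the CN is ignored
            return hasSan(sans, DNS_NAME, target) ? "OK: dNSName SAN matches"
                                                  : "FAIL: no dNSName SAN equals " + target;
        return target.equalsIgnoreCase(commonName(cert)) ? "OK: CN fallback matches"
                                                         : "FAIL: CN does not equal " + target;
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 2) { System.err.println("usage: SanCheck <cert> <host-or-ip>"); return; }
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
            System.out.println(args[1] + " -> " + verdict(cert, args[1]));
        }
    }
}
```

If the server has to be reached by IP address, the certificate needs an iPAddress SAN entry, which keytool can add at generation time with `-ext san=ip:<address>`.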
Rather than replace the JRE's 'cacerts' file, a better way appears to be to copy it into the installcert directory and rename it to 'jssecerts' so that the self-signed certificate is added to it, then copy it back to the JRE's security folder.