java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:383)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:284)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:322)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1684)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
我是用一个批处理文件生成证书的:
REM Builds a self-signed server and client certificate pair with keytool and
REM registers both certificates as trusted entries in the JDK-wide cacerts store.
REM NOTE(review): every -storepass/-keypass value is passed on the command line, so the
REM passwords live in this script in clear text; restrict who can read the file.

REM 1) Server key pair: alias "server", RSA, self-signed for CN=i-more.net, valid 3650 days.
REM NOTE(review): no -keysize or -sigalg is given, so the defaults of this JDK's keytool
REM apply; confirm they are acceptable or set them explicitly.
keytool -genkey -v -alias server -keyalg RSA -keystore D:/SSL/server/server.keystore -dname "CN=i-more.net,OU=pde,O=pde,L=Peking,ST=Peking,C=CN" -validity 3650 -storepass moreman -keypass moreman
REM 2) Export the server certificate (public part only) to server.cer.
keytool -export -alias server -keystore d:/ssl/server/server.keystore -storepass moreman -file d:/ssl/server/server.cer
REM 3) Import server.cer into the cacerts of E:/jdk1.6.0_18 under alias "server";
REM -noprompt suppresses the trust confirmation.
REM NOTE(review): only JVMs started from this JRE read this cacerts file; confirm the
REM Tomcat that hosts the CAS client actually runs on E:/jdk1.6.0_18.
REM NOTE(review): if an entry named "server" is already present from an earlier run,
REM keytool should refuse the import and the older certificate stays in place. A stale
REM entry with the same subject but a different key is a common cause of
REM "PKIX path validation failed ... signature check failed". Inspect the entry with
REM "keytool -list -v -alias server" and remove it with "keytool -delete -alias server"
REM before importing again.
REM NOTE(review): a self-signed certificate added here is trusted by every Java
REM application using this JRE, and cacerts still has its default password; a
REM dedicated truststore would narrow that scope.
keytool -import -file d:/ssl/server/server.cer -storepass changeit -keystore E:/jdk1.6.0_18/jre/lib/security/cacerts -alias server -noprompt
REM 4) Client key pair: alias "client", RSA, PKCS12 keystore, self-signed for CN=localhost.
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:/SSL/client/client.p12 -dname "CN=localhost,OU=pde,O=pde,L=bj,ST=bj,C=CN" -validity 3650 -storepass client -keypass client
REM 5) Export the client certificate in printable (PEM) form because of -rfc.
keytool -export -alias client -keystore d:/ssl/client/client.p12 -storetype PKCS12 -storepass client -rfc -file d:/ssl/client/client.cer
REM 6) Import the client certificate into the same cacerts under alias "client".
REM NOTE(review): unlike step 3 there is no -noprompt, so keytool presumably waits for an
REM interactive trust confirmation here; verify the import really completed.
keytool -import -alias client -v -file d:/ssl/client/client.cer -keystore E:/jdk1.6.0_18/jre/lib/security/cacerts -storepass changeit
我用的是 Tomcat 7,配置如下:
protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="D:\ssl\server\server.keystore"
keystorePass="moreman"
truststoreFile="e:\jdk1.6.0_18\jre\lib\security\cacerts"
truststorePass="changeit"
/>
客户端的 web.xml 配置如下:
serverName
http://localhost:8080
CAS Single Sign Out Filter
org.jasig.cas.client.session.SingleSignOutFilter
CAS Single Sign Out Filter
/*
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
CAS Authentication Filter
org.jasig.cas.client.authentication.AuthenticationFilter
casServerLoginUrl
https://i-more.net:8443/more_sso/login
renew
true
CAS Authentication Filter
/*
CAS Validation Filter
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
casServerUrlPrefix
https://i-more.net:8443/more_sso
CAS Validation Filter
/*
CAS HttpServletRequest Wrapper Filter
org.jasig.cas.client.util.HttpServletRequestWrapperFilter
CAS HttpServletRequest Wrapper Filter
/*
CAS Assertion Thread Local Filter
org.jasig.cas.client.util.AssertionThreadLocalFilter
CAS Assertion Thread Local Filter
/*