tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Loai Abdallatif <loai.abdalla...@gmail.com>
Subject Re: SSL on Tomcat
Date Sat, 29 Sep 2018 10:04:41 GMT
Thanks Chris, but how to do it, should I copy the ssl certificate from
Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111
in server.xml .
any idea please

On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Loai,
>
> On 9/27/18 10:50, Loai Abdallatif wrote:
> > Hello,
> >
> > I have Set Apache Load Balancer ( ModJK) with Server IP
> > 192.168.1.120 (Webserver01.epsilon.test)  which forward the traffic
> > to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
> >
> > each tomcat server has three workers ( 0,1,2)
> >
> > I deployed *Central Authentication Service* (CAS)  on Worker0  and
> > its is working with warning related to ssl Certificate, I have
> > another Application on this worker0 called ServiceCatalog
> > unfortunatly it didnt work and gave error as below
> >
> >
> > ERROR org.jasig.cas.client.util.CommonUtils -
> > sun.security.validator.ValidatorException: PKIX path building
> > failed
> >  : sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested
> >  target javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building
> > failed: sun.sec
> >  urity.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
>
> As Guido says, your client (org.jasig.cas.client) does not trust the
> server it's trying to connect to.
>
> Is the server in this case the one you set up above? It's not clear
> exactly what you are trying to do.
>
> There is nothing you can change with Tomcat to fix this error... you
> must configure your client to trust the server.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluurMsACgkQHPApP6U8
> pFiGARAAk5GnoU7+3tk16yh+cCme1mzPZiEUf0y1uE8CK74zaNB4OXbeF6iuNOEm
> 9OP5MV6zyQC/NxI+DSlUzN32ZUEDLKSw7OUcMmhBfrZs690NEChHTJV9p/EpC7NS
> 8LwMU/r3MFrvpkaLuPQsq+DbzbNRefh6+eOEhGTT3WtwW6SYtXxNUbBz4WmCSTrz
> LHPYGTpUT19CX2BE5sNQeV5F4/ul3fLSMuVp4RryVo4BLQKBwh/rexb1fUbsdxyn
> /v3HyCgreuhFV7DVMF+BuA46sccOm6kScMf7r9LrDioMswZvn79dFGgo9qMDgCWE
> 37j7Dnv72GdtlkkNAkP9sKm413B4LzAhuL56bAyK+3SRRKuiqDPgq+4tcEOsIb4u
> j6j3ZtJbpoojibAuNZWcvR3kjEPfCDUnRa6JSKXu1Y7Bekr3kLYbiGtOVWXi0ozs
> 9zzq8D7lqSDD7b0UhuZ22yuR0OBZMlxn0/ELH0GNikyLuwAd3UrrcNXfL7kpl5P9
> BFSEnpZ8uD7bhXrkVCBdM+ktXrCYS8StEIFNwXe5WeUbLdXoCDNKvlKgZKq2/IkD
> /Zjh44ecYr8TNdfvyNJxL2YGTUZcfwyZETrMX/1ont7VfFU/xHuh1DE6R60vAtfB
> 8nEsqNc+FFocsKlEwQbVyt0XP54DPfPGzXX544NLfbaIr2/2JOk=
> =Bjfw
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message