我们在使用本地生成SSL证书的时候,测试单点登录的时候,运行客户端出现下列错误
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:403) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
导致这个问题的原因就是,客户端,没有导入证书,报的错,客户端的jdk,也是需要导入证书的,而且必须和服务端的证书一致。
解决解决方法:
1.cd /cas-overlay-template/etc/cas #根据keystore生成证书,有使用到密码的,是在服务端设置的,默认的changeit 2.keytool -exportcert -alias cas -keystore ./casServer.keystore -file ./casServer.keystore.cer -storepass changeit #把证书导入到jre的相应路径,这个证书是可以删除的 3.keytool -import -alias cas -keystore /usr/local/java/jdk1.8/jre/lib/security/cacerts -file ./casServer.keystore.cer