CAS 3.4.10 SSL certificate With SHA-2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CAS 3.4.10 SSL certificate With SHA-2

alexadao
This post has NOT been accepted by the mailing list yet.
Hello everyone,

I am using CAS 3.4.10 for a long period of time. I rekey my ssl cert with SHA-2. and upload successful onto my tomcat server with no problem. Tomcat works fine. I having problem with my Oracle Weblogic server that used to communicate fine with the CAS server. After I installed the new SSL certificate with (SHA-2), I am getting this error during the Ticket process back to CAS. Please Advise.

Error 500--Internal Server Error

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:203)
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
        at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
        at com.sghe.sso.client.web.filter.SSOValidationFilter.doFilter(Unknown Source)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:951)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:466)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1092)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1064)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine$1.run(JaSSLEngine.java:68)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
        at weblogic.security.SSL.jsseadapter.JaSSLEngine.wrap(JaSSLEngine.java:66)
        at weblogic.socket.JSSEFilterImpl.wrap(JSSEFilterImpl.java:475)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:133)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
        at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:391)
        at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:78)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
        at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:162)
        at weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:256)
        at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:186)
        ... 19 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1462)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:200)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
        at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:469)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:888)
        at weblogic.socket.JSSEFilterImpl.doTasks(JSSEFilterImpl.java:231)
        at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:111)
        ... 28 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:325)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:219)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
        at weblogic.security.SSL.jsseadapter.JaTrustManager.checkServerTrusted(JaTrustManager.java:113)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1066)
        ... 35 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:320)
        ... 41 more