We're encountering a PKIX path error in CAS. I understand the solution is to import the authentication source's intermediate certificate, but I'm wondering if there is a workaround if we do not have a cert in our authentication source.


When you review the PKIX error in the log, does it reference the CAS server's hostname?
Are you using a CAS server that was deployed during the LP5 installation or is it a standalone server? Is the CAS server currently configured with a self-signed certificate?


Hi Tom:

This is a standalone server and I have a CA cert in it. I checked the PKIX error in the logs and it does not reference the CAS server's hostname.

- Rabin

Hi Rabin,

OK, so in your CAS configuration you should have an authentication handler that references a contextSource which should in turn define your LDAP connection... If you're not using LDAPS/636 then there shouldn't be any sort of SSL handshake occurring... Assuming that is true, the next thing I would review is your keystore configuration and verify the keystore Tomcat is using.

Hopefully that helps! If you can provide some more information about the error, behavior and configuration, I'm sure the error can be resolved.
- Tom