Re: [ljc] Fwd: Exceptions OF HELL

From: Neil B.
Sent on: Friday, June 22, 2012 9:46 AM
The exception means that your certificate does not have a valid
signing chain all the way up to the root certificates installed in
your OS/browser (i.e. Verisign, Thawte etc). Probably because it's a
self-signed certificate.

To support self-signing or a different set of root certificates, you
need to implement your own javax.net.ssl.TrustM­anager and attach it to
the SSLContext.

Regards
Neil

On Fri, Jun 22, 2012 at 8:26 AM, josemiguel <[address removed]> wrote:
> Hi all,
>
> I've found resources on how to use Shibboleth as Service Provider and
> Identity Provider, or OpenAM but nothing where OpenAM acts as a
> Service Provider, and I wonder whether any member has previous
> experience on that.
>
> I set up a local instance of OpenAM and I wanted to test the Service
> Provider configuration against testshib.org, with no success. I'm a
> bit stuck dealing with digital certificates, and not very sure about
> what I'm doing wrong.
>
>
> OpenAM provides its own keystore with one test certificate that I have
> exported to identify my Open AM service provider as testshib.org
> configuration requires. Furthermore I configure tomcat to use UTF-8
> encoding.
>
>
> Exception:
>
> java.security.Privil­egedActionException:­
> com.sun.xml.messagin­g.saaj.SOAPException­Impl: Message send failed
>
> Caused by: javax.net.ssl.SSLHan­dshakeException:
> sun.security.validat­or.ValidatorExceptio­n: PKIX path building failed:
> sun.security.provide­r.certpath.SunCertPa­thBuilderException: unable to
> find valid certification path to requested target
>
> Caused by: sun.security.validat­or.ValidatorExceptio­n: PKIX path
> building failed:
> sun.security.provide­r.certpath.SunCertPa­thBuilderException: unable to
> find valid certification path to requested target
>
>
> Caused by: sun.security.provide­r.certpath.SunCertPa­thBuilderException:
> unable to find valid certification path to requested target
>
> Thank you.
>
> José Miguel Martínez Carrasco
> --------------------­--------------------­--------
> http://www.jm2dev...­
> http://identi.ca/...­
> http://twitter.co...­
> http://uk.linkedi...­
>
>
>
>
> --
> Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
> http://www.meetup...­
> This message was sent by josemiguel ([address removed]) from LJC - London Java Community.
> To learn more about josemiguel, visit his/her member profile: http://www.meetup...­
> Set my mailing list to email me
>
> As they are sent
> http://www.meetup...­
>
> In one daily email
> http://www.meetup...­
>
> Don't send me mailing list messages
> http://www.meetup...­
> Meetup, PO Box 4668 #37895 New York, New York[masked] | [address removed]
>

Our Sponsors

  • Our Blog

    Read the latest news from the LJC

  • RecWorks Ltd

    Fixing Tech Recruitment using the Power of Community

  • jClarity

    Java/JVM Performance Analysis Tools & mentoring for Java related matters

  • LJC Aggrity

    Our LJC Aggrity site contains blog posts from our members

  • LJC Book Club

    Our Book club with book reviews from our members

  • Devoxx UK

    Java Community Conference, in collaboration with the LJC 12/13 Jun 14

  • SkillsMatter

    "Host, help organise, promote, film many of our meetings."

  • New Relic

    New Relic makes sense of billions of metrics a day in real time.

  • Hazelcast

    Hazelcast is the leader in operating in-memory computing.

  • Java.Net

    We are an official Java User Group recognised by Oracle's JUG program

  • JRebel

    Free 3 month J-Rebel license.

  • O'Reilly

    40% discount on printed books and 50% on e-books.

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy