CAS SSO 错误返回PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:

在用CAS做单点登录项目时，主要参考的是兔哥的博客：诸位请看，先感激一下下：http://www.kafeitu.me/sso/2010/11/05/sso-cas-full-course.html

配置好后，run客户端，输入了用户名和密码，但是从服务器端跳转到客户端的时候出现了下列错误：

ava.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)

    org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

    sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1836)

    sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

    sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)

    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1337)

    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)

    sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

    sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:966)

    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1262)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1289)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1273)

    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)

    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1296)

    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)

    org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)

root cause

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)

    sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

    sun.security.validator.Validator.validate(Validator.java:260)

    sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)

    sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)

    sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)

    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1319)

    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)

    sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

    sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:966)

    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1262)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1289)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1273)

    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)

    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1296)

    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)

    org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)

root cause

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)

    java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)

    sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)

    sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

    sun.security.validator.Validator.validate(Validator.java:260)

    sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)

    sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)

    sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)

    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1319)

    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)

    sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

    sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:966)

    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1262)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1289)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1273)

    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)

    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1296)

    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)

    org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)

原因：客户端run的jdk 和server端run的jdk版本不同，或者你拥有多个jdk，在配置的时候，run的其实不是你导入证书的那个jdk.

解决方案：请参考第一行 兔哥的博客，去重新生成一个证书，到你要用的jdk中。

重新生成中请注意：

1.“ 您的名字和姓氏” 这一项，其实是你cas server端的host name，不要乱写。 一开始我写成了自己的名字，在运行项目的时候说，找不到我的服务器名字。

2. 导入到jdk证书库的时候，有提示说已存在某证书名。 请先删除：

（1）先切到 你的jdk ->jre->lib->security 哩

（2） 在用命令删除已存在的证书： keytool -delete -alias wsria -keystore cacerts -storepass 666666 

注：-alias 是化名的意思，在创建的时候已用到。

-keystore 就是键库的意思，在securty下有个文件cacerts是存储键的。

-storepass  就是你创建这个key的时候用到的密码。 输入正确密码才能删除已有的key.