cas报错(No subject、'principal' cannot be null、PKIX path validation failed等错误)

1、cas报错No subject alternative names present

1.1错误提示

[org.jasig.cas.client.util.CommonUtils]-[ERROR]java.security.cert.CertificateException: No subject alternative names present

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternativenames present

atsun.security.ssl.Alerts.getSSLException(Alerts.java:192)

atsun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)

atsun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

atsun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

1.2原因和解决方法

原因是不能用IP地址的URL中用了IP地址，查看你在访问cas服务端时候是否使用了ip地址，比如127.0.0.1之类的，如果使用了IP地址，请修改为域名，如果使用的是127.0.0.1的话，修改为localhost。

如果这样处理后还是不能解决，你还是放弃自己的环境，重新搭建一个环境，先正确跑起来，然后在跑起来的基础上在做扩展和修改吧，一个完美运行的环境(按步骤做即可)：

http://blog.csdn.net/pucao_cug/article/details/70182968

2 、cas报错'principal' cannot be null.

2.1错误提示

[org.jasig.cas.web.flow.AuthenticationViaFormAction]- <'principal' cannot be null.

Check the correctness of @Auditannotation at the following audit point: execution(public abstractorg.jasig.cas.authentication.Authenticationorg.jasig.cas.authentication.AuthenticationManager.authenticate(org.jasig.cas.authentication.AuthenticationTransaction))

java.lang.IllegalArgumentException: 'principal' cannot be null.

2.2原因和解决方法

原因是你的服务端环境缺少了commons-collections4这个jar包，在cas4.2.7服务端从数据库读取用户的更多信息的时候需要用到这个jar包，可以下载commons-collections4-4.1.jar加入到服务端的WEB-INF/lib下。

http://blog.csdn.net/pucao_cug/article/details/70182968

3、cas报错PKIX path validation failed

3.1错误提示

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path validation failed:java.security.cert.CertPathValidatorException: signature check failed

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

atsun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)

atsun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)

atsun.security.ssl.Handshaker.processLoop(Handshaker.java:969)

atsun.security.ssl.Handshaker.process_record(Handshaker.java:904)

atsun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)

atsun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)

atsun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)

atsun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

atsun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)

atsun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

atsun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

Caused by:java.security.SignatureException: Signature does not match.

atsun.security.x509.X509CertImpl.verify(X509CertImpl.java:449)

atsun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)

at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)

atsun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:119)

... 56 more

3.2原因和解决方法

原因是使用https协议的时候你需要做一个事情，那就是在cas服务端生成秘钥库，在秘钥库中添加一个秘钥对条目，将该条目的信息以及公钥导出为数字证书，然后将该数字证书导入到cas客户端的web容器所使用的那个JRE的秘钥库中。

如果不清楚怎么生成秘钥库，添加条目，导出和导入证书，你可以参考该博文：

http://blog.csdn.net/pucao_cug/article/details/70136159

http://blog.csdn.net/pucao_cug/article/details/70182968