One of the apps I'm deploying is CAS, which deploys fine and I can log in/authenticate... the app seems to work OK. BUT when I try to access the management interface I get the dreaded:
HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The first thing we need to know is what mechanism CAS is using to authenticate with. If you have Tomcat set up to use CAS and part of that setup points Tomcat to an external CAS server, the channel between Tomcat and that CAS server would follow completely different rules than those used for incoming webapp requests.
You actually should be able to have Tomcat and CAS communicate without encryption (TLS/SSL), since that traffic is "behind the scenes" and not (I hope) on the open Internet, but I wouldn't recommend it, since anybody running an in-house traffic analyzer could potentially read clear-text userids and passwords.
Assuming then that you do encrypt the Tomcat-to-CAS network traffic, you would then need to configure the CAS server with its own encrypted channels, which probably won't be https. Furthermore, since the SSL cert for Tomcat contains the Tomcat hostname (I believe), you probably couldn't recycle that cert and use it on the CAS server (at least if the CAS server is on some other host).
So you'll have to study up on the CAS channel configurations, and most likely generate a TLS certificate for the CAS server. Since CAS doesn't require general public trust like a webserver does, this can be a self-signed cert.
An IDE is no substitute for an Intelligent Developer.