Alfrsco+cas is not working validate

I'm using Alfresco 4.2.f, CAS-server 4.0.0 and CAS-client(which added in share/web-inf/lib).

CAS-server 4.0.0 installed on server_tomcat (port 8081 and 8444(https protocol)). Share installed on alfresco_tomcat (port 8080 and 8443(https protocol) <--- standard configuration (server.xml):

<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxHttpHeaderSize="32768" />
    <Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />

        <Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" keystoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
     secure="true" connectionTimeout="240000" truststoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
                   clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />

)

After I commented in share/WEB-INF/web.xml:

 <!--

   <filter>

      <description>MT authentication support - NOTE: does not support portlets</description>

      <filter-name>MTAuthentationFilter</filter-name>

      <filter-class>org.alfresco.web.site.servlet.MTAuthenticationFilter</filter-class>

   </filter>

   -->

 <!--

   <filter>

      <description>Share SSO authentication support filter.</description>

      <filter-name>Authentication Filter</filter-name>

      <filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>

      <init-param>

         <param-name>endpoint</param-name>

         <param-value>alfresco</param-value>

      </init-param>

   </filter>

 -->

and added:

org.jasig.cas.client.session.SingleSignOutHttpSessionListener

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://localhost:8444/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://localhost:8444/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

The next step is created pair key(ssl): In terminal, I typed:

1)Generate keystore keytool -genkey -alias sso -keyalg RSA -keysize 1024 -keypass cangeit -valididty 3650 -keystore /path/to/keystore/sso.keystore -storepass changeit

(In this point, I should typed: FirstName and LastName: localhost (it's my host name)) 2)Create certificate keytool -export -alias ssl -keystore /path/to/keystore/sso.keystore -file /path/to/keystore/sso.crt -storepass changeit

3)Add certificate to trustore keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file /path/to/keystore/sso.crt -alias sso

After I added in $tomcat_server$/conf/server.xml:

<Connector port="8444" URIEncoding="UTF-8" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/keystore/sso.keystore" 
               keystorePass="changeit" keyAlias="sso"/>

Then, I started tomcat_server, alfresco_tomcat.

I pass the link: localhost:8080/share(http) Due to ($alfresco_tomcat/webapps/share/WEB-INF/web.xml) share redirect me to localhost:8444/cas(https), where I see the login page. I typed: Username: casuser, Password: Mellon <-- It's standart login/password.

After that I was back redirects to http://localhost:8080/share/... ,where the validation key, but in the point I have error (in browser is 500 error) In $alfresco_tomcat/logs/localhost.log:

SEVERE: Servlet.service() for servlet [jsp] in context with path [/share] threw exception java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

After googled, I got information, that Share can't validate my certificate (which I added).

Please help me with the problem...