On May 7, 2010, at 4:51 AM, Marvin Addison wrote: > 2.5.4 of http://www.jasig.org/cas/protocol, which includes your point > about certificate trust. Those requirements bite a _lot_ of folks, so > mentioning them repeatedly would be helpful.
Ow, ow ow! It is biting me right now! I missed that requirement for the endpoint nodes. > Despite having a root CA for the target nodes installed in the keychain, the central Java keystore in /Library/Java/Home/lib/security/cacerts and the keystore explicitly named in the tomcat server.xml, the bean/object that does the proxy callback to the node is using some keystore I can't find, or undefined, or has requirements for the Root CA that I'm not meeting. I'm waiting on a commercial cert for one of the nodes to see if that fixes it. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
