I solved this by just including the rest of the chain in the tomcat.jks by importing them with keytool -importkeystore -srckeystore chain.jks -destkeystore tomcat.jks.
-M On Thursday, November 3, 2022 at 1:55:45 AM UTC-4 Michael Santangelo wrote: > Hello all, > > I'm struggling with getting CAS to send the certificate chain properly and > wondering if maybe I'm using the wrong lines in the config. > > Before this project I had: > server.ssl.key-store=file:/path/to/ssl/tomcat.jks > server.ssl.key-store-password=thepassword > > After some googling, I added > server.ssl.truststore=file:/path/to/ssl/chain.jks > server.ssl.truststorepassword=thepassword2 > > However, when I run SSL scans against the site, it still reports that the > chain isn't being sent. > > Is it different keys? Or should I just bake the chain into the tomcat > file? Are there any aliases I should use specifically? > > Thanks. > -M > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f72876d1-d8a8-4e45-b87a-d3767aa63498n%40apereo.org.
