Thanks for your help. For some reason CAS still not accept the self-signed cert after we added it to the JVM running our app.
When we obtained a new cert from VeriSign for our new server it worked and we are all set now. Dale Ogilvie wrote: > I think you need to add the self signed cert to the jvm running your > app. You can do this with one of the OS specific command lines below, > changing the cert location and jvm location as per your installation. > These commands are for java 6, I believe they have changed slightly from > earlier java versions. > > keytool -importcert -file /etc/pki/tls/certs/selfcert.cer -keypass > changeit -keystore /usr/java/jdk1.6.0_02/jre/lib/security/cacerts > -storetype jks -storepass changeit > > Or, on windows: > > "C:\Program Files\Java\jre6\bin\keytool" -importcert -file > c:\selfcert.cer -keypass changeit -keystore "C:\Program > Files\Java\jre6\lib\security\cacerts" -storetype jks -storepass changeit > > > ________________________________ > > From: Peter AGANYO [mailto:[email protected]] > Sent: Monday, 23 March 2009 8:09 a.m. > To: [email protected] > Subject: [cas-user] CAS Error > > > We have a newly installed lum 4 environment and are trying to test CAS > functionality on it. While testing the first CASified application we > keep getting the error: peer not authenticated. This happens during the > serviceValidate phase (if I can call it so). The cas client is expecting > an XML response from the server but it get's an error page with this > error message. However when I enter the serviceValidate url complete > with the ticket number, I get the following xml response: > > > > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>username</cas:user> > </cas:authenticationSuccess> > </cas:serviceResponse> > > > The cert on the server is a self-signed one. What is the cause of this > error? Is there something we need to do with the cert in order for this > to work? > > Thanks. > > Peter > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
