Thanks for the reply. Our CAS server is ulogin.utah.edu; its cert's CN is *.utah.edu.
It didn't even occur to me that Java was doing the server validation behind the scenes... Now I am even more curious as to why our Java CASified apps can talk to our CAS server with no problem but my Apache server with mod_auth_cas gets the name validation error. I wonder if there is something amiss in my OpenSSL installation (or mod_auth_cas build?) on the Apache server (running on Windows Server). There is probably a clue in here somewhere:

C:\OPENSS~1>openssl s_client -host ulogin.utah.edu -port 443
Loading 'screen' into random state - done
CONNECTED(000000E0)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Glo
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Utah/L=Salt Lake City/O=The University of Utah/OU=Office of ation Technology/CN=*.utah.edu
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
   i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits li U=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification ity
---
Server certificate
subject=/C=US/ST=Utah/L=Salt Lake City/O=The University of Utah/OU=Office ormation Technology/CN=*.utah.edu
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
---
No client certificate CA names sent
---
SSL handshake has read 3642 bytes and written 408 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 8CFE7193B8EBAF1013713A905659FF8F69629007483979B613ADBDC4DF
    Session-ID-ctx:
    Master-Key: 73EF831DDA972CA70A1F6CE8FFAA6BADAC72C9E7B63F382164E8046307 7CF60CDA2E0FBCAD0506228DDD3D4537
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1281466250
    Timeout : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
closed