You are correct, Carlos. Thank you for spotting that. I did have another 
Connector defined for port 8080 with a redirect, but had mixed things up in the 
SSL Connector.

Thank you, again. On to the next challenge…

From: Carlos Fernandez [mailto:cfern...@sju.edu]
Sent: Monday, December 15, 2014 12:36 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] attempting to access CAS login via https

Hi, Chris,

The excerpt from server.xml that you pasted indicates that you enabled HTTPS on 
port 8080. If you try https://yourserver:8080/.., I bet it’ll work.

For it to work the way that you intend, you’ll need two connectors, like this:

<Connector
                protocol="HTTP/1.1"
                port="8080"
                maxThreads="200"
                redirectPort="8443" />

<Connector
                protocol="HTTP/1.1"
                port="8443"
                maxThreads="200"
                scheme="https"
                secure="true"
                SSLEnabled="true"
                keystoreFile="/etc/pki/java/cacerts"  keystorePass="changeit"
                truststoreFile="/etc/pki/java/cacerts" truststorePass="changeit"
                clientAuth="false"
                sslProtocol="TLS" />

Best regards,
--
Carlos.
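
An added example, not part of Carlos's message or of the CAS or Tomcat projects: a small Python check that parses a server.xml and reports the two problems visible in this thread, a redirectPort with no SSL-enabled connector behind it and attribute names whose letter case differs from the documented spelling. The names `audit_connectors` and `wrap` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Connector attributes used in this thread, in the spelling Tomcat documents.
# XML attribute names are case-sensitive, so another spelling is another attribute.
KNOWN = ("port protocol maxThreads scheme secure SSLEnabled keystoreFile keystorePass "
         "truststoreFile truststorePass clientAuth sslProtocol redirectPort").split()
CANON = {name.lower(): name for name in KNOWN}

def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements in server.xml text."""
    connectors = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        for attr in c:
            canon = CANON.get(attr.lower())
            if canon and canon != attr:
                findings.append(f"port {port}: '{attr}' should be '{canon}'")
        target = c.get("redirectPort")
        if target and target not in tls_ports:
            findings.append(f"port {port}: redirectPort {target} has no SSLEnabled connector")
    return findings

def wrap(connectors):
    """Wrap connector elements in a minimal server.xml skeleton (constructed sample)."""
    return f"<Server><Service name='Catalina'>{connectors}</Service></Server>"

# Constructed samples modelled on the two excerpts in the thread.
ORIGINAL = wrap("""
  <Connector protocol="HTTP/1.1" port="8080" maxthreads="200" scheme="https"
             secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="/etc/pki/java/cacerts" keystorePass="changeit"
             truststoreFIle="/etc/pki/java/cacerts" truststorePass="changeit"
             redirectPort="8443" />""")
CORRECTED = wrap("""
  <Connector protocol="HTTP/1.1" port="8080" maxThreads="200" redirectPort="8443" />
  <Connector protocol="HTTP/1.1" port="8443" maxThreads="200" scheme="https"
             secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="/etc/pki/java/cacerts" keystorePass="changeit"
             truststoreFile="/etc/pki/java/cacerts" truststorePass="changeit" />""")

if __name__ == "__main__":
    for label, xml_text in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, audit_connectors(xml_text) or "no findings")
```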

From: Chris Adams [mailto:chris.a.ad...@state.or.us]
Sent: Monday, 15 December, 2014 15:28
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] attempting to access CAS login via https

Honestly, the logs don’t show much other than an HTTP 302 error, as it is trying 
to do a redirect. Maybe I am not looking in the right place.

In the Tomcat server.xml file, I have SSL defined and a redirect, like the 
following. However, when I use netstat to see what is listening on port 8443, 
there is nothing. That may be a large part of why this isn’t working.

<Connector
                protocol="HTTP/1.1"
                port="8080"
                maxthreads="200"
                scheme="https"
                secure="true"
                SSLEnabled="true"
                keystoreFile="/etc/pki/java/cacerts"  keystorePass="changeit"
                truststoreFIle="/etc/pki/java/cacerts" truststorePass="changeit"
                clientAuth="false"
                sslProtocol="TLS"
                redirectPort="8443" />


I generated the SSL certificate using the domain name that I am using to access 
the login page: https://mydomain.com:8443/cas-server-webapp/login

Again, I can access the login page using http on port 8080, but not using 
https on port 8443.

I looked over the troubleshooting page that you referenced, and things seem to 
check out.

Thank you for any suggestions that you might have.




From: Jérôme LELEU [mailto:lel...@gmail.com]
Sent: Monday, December 15, 2014 11:03 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] attempting to access CAS login via https

Hi,

What do you exactly mean by "can't access via port 8443"? Anything relevant in 
your logs?

This guide should provide you some help: 
https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide.

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-12-15 19:51 GMT+01:00 Chris Adams <chris.a.ad...@state.or.us>:
Hello all,

I have CAS server set up and accessible using http and port 8080. I would like 
to secure it by requiring https on port 8443.

I followed some instructions and generated a security certificate, which I 
imported into Java cacerts. Then I modified the server.xml file in Tomcat to 
allow access on port 8443 using TLS.

I modified iptables to allow port 8443.

I restarted Tomcat, but still can’t access via port 8443.

What might I be missing?

Many thanks for your suggestions.

--

You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


