Dear Master,
please your solution about my error. i dont khow where is the problem about my ssl cert. I make it by keytool command. the keystone for CAS server and pem file for CAS client. please your help master. _____________________________________________________________________________________________________________________________________ Log File : ------------------------------ B4B0 .START phpCAS-1.3.3 ****************** [CAS.php:440] B4B0 .=> phpCAS::client('2.0', '10.0.12.81', 8443, '') [index.php:26] B4B0 .| => CAS_Client::__construct('2.0', false, '10.0.12.81', 8443, '', true) [CAS.php:342] B4B0 .| | Starting a new session pgs43b7b91du7aihq0hn9aim37 [Client.php:906] B4B0 .| <= '' B4B0 .<= '' B4B0 .=> phpCAS::setExtraCurlOption(41, true) [index.php:28] B4B0 .<= '' B4B0 .=> phpCAS::setCasServerCACert('cas-server.pem') [index.php:33] B4B0 .<= '' B4B0 .=> phpCAS::forceAuthentication() [index.php:43] B4B0 .| => CAS_Client::forceAuthentication() [CAS.php:1017] B4B0 .| | => CAS_Client::isAuthenticated() [Client.php:1245] B4B0 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] B4B0 .| | | | no user found [Client.php:1592] B4B0 .| | | <= false B4B0 .| | | no ticket found [Client.php:1453] B4B0 .| | <= false B4B0 .| | => CAS_Client::redirectToCas(false) [Client.php:1254] B4B0 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613] B4B0 .| | | | => CAS_Client::getURL() [Client.php:342] B4B0 .| | | | | Final URI: http://localhost/demo/ta/cas5/ [Client.php:3466] B4B0 .| | | | <= 'http://localhost/demo/ta/cas5/' B4B0 .| | | <= ' https://10.0.12.81:8443/login?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F ' B4B0 .| | | Redirect to : https://10.0.12.81:8443/login?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F [Client.php:1620] B4B0 .| | | exit() B4B0 .| | | - B4B0 .| | - B4B0 .| - 2A59 .START phpCAS-1.3.3 ****************** [CAS.php:440] 2A59 .=> phpCAS::client('2.0', '10.0.12.81', 8443, '') [index.php:26] 2A59 .| => CAS_Client::__construct('2.0', false, '10.0.12.81', 8443, '', true) [CAS.php:342] 2A59 .| | Starting a new session pgs43b7b91du7aihq0hn9aim37 [Client.php:906] 2A59 .| | Ticket 'ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id' found [Client.php:988] 2A59 .| <= '' 2A59 .<= '' 2A59 .=> phpCAS::setExtraCurlOption(41, true) [index.php:28] 2A59 .<= '' 2A59 .=> phpCAS::setCasServerCACert('cas-server.pem') [index.php:33] 2A59 .<= '' 2A59 .=> phpCAS::forceAuthentication() [index.php:43] 2A59 .| => CAS_Client::forceAuthentication() [CAS.php:1017] 2A59 .| | => CAS_Client::isAuthenticated() [Client.php:1245] 2A59 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 2A59 .| | | | no user found [Client.php:1592] 2A59 .| | | <= false 2A59 .| | | CAS 2.0 ticket `ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id' is present [Client.php:1406] 2A59 .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409] 2A59 .| | | | [Client.php:3101] 2A59 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3108] 2A59 .| | | | | => CAS_Client::getURL() [Client.php:453] 2A59 .| | | | | | Final URI: http://localhost/demo/ta/cas5/ [Client.php:3466] 2A59 .| | | | | <= 'http://localhost/demo/ta/cas5/' 2A59 .| | | | <= ' https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F ' 2A59 .| | | | => CAS_Client::_readURL(' https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id', NULL, NULL, NULL) [Client.php:3118] 2A59 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 2A59 .| | | | | | CURL: Set CURLOPT_CAINFO cas-server.pem [CurlRequest.php:135] 2A59 .| | | | | | curl_exec() failed [CurlRequest.php:77] 2A59 .| | | | | <= false 2A59 .| | | | <= false 2A59 .| | | | could not open URL ' https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id' to validate (CURL error #77 <https://github.com/Jasig/phpCAS/pull/77>: error setting certificate verify locations: 2A59 .| | | | CAfile: cas-server.pem 2A59 .| | | | CApath: none) [Client.php:3121] 2A59 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', ' https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id', true) [Client.php:3125] 2A59 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76] 2A59 .| | | | | <= 'http://localhost/demo/ta/cas5/' 2A59 .| | | | | CAS URL: https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id [AuthenticationException.php:79] 2A59 .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:80] 2A59 .| | | | | Reason: no response from the CAS server [AuthenticationException.php:82] 2A59 .| | | | | exit() 2A59 .| | | | | - 2A59 .| | | | - 2A59 .| | | - 2A59 .| | - 2A59 .| - ------------------------------ My Keytool Command : ------------------------------ keytool -genkey -alias cas-server -validity 7000 -keyalg RSA -keypass changeit -storepass changeit -keystore cas-server.keystore keytool -export -alias cas-server -keypass changeit -file cas-server.crt -keystore cas-server.keystore -storepass changeit keytool -import -file cas-server.crt -alias cas-server -keypass changeit -keystore ...\jre\lib\security\cacerts -storepass changeit keytool -exportcert -alias cas-server -keypass changeit -keystore cas.keystore -storepass changeit -file cas-server.der keytool -exportcert -alias cas-server -keypass changeit keystore cas-server.keystore -storepass changeit -rfc -file cas-server.pem What is your first and last name? What is the name of your organizational unit? What is the name of your organization? What is the name of your City or Locality? What is the name of your State or Province? What is the two-letter country code for this unit? Is CN=ANDIZULFADLI, OU=ITCENTER, O=PNUP, L=MKS, ST=SULSEL, C=IN correct? ------------------------------ in my phpCAS Script ------------------------------ $cas_server_ca_cert_path = 'cas-server.pem'; phpCAS::setCasServerCACert($cas_server_ca_cert_path); ------------------------------ My Tomcat SSL Configuration ------------------------------ maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/lib/jvm/java-6-openjdk/bin/cas-server.keystore" keystorePass="changeit" truststoreFile="/etc/ssl/certs/java/cacerts" /> ------------------------------ Thank you very much for your help and good response. Thank you. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user