On Wed, Aug 12, 2015 at 2:59 PM, Waldbieser, Carl
<waldb...@lafayette.edu> wrote:
>
> I have mod_auth_cas protecting a web site.
> If I *don't* set `CASCertificatePath`, then everything works how I would
> expect (CAS authenticates user, service ticket validated, user identifed to
> site via REMOTE_USER).
> However, if I set `CASCertificatePath` to the full path of a PEM file
> containing the certificate of my CAS server, I get an "Authorization
> Required" error. The debug logs show:
>
> MOD_AUTH_CAS: curl_easy_perform() failed (Peer certificate cannot be
> authenticated with known CA certificates)
>
> I am using MOD_AUTH_CAS 1.0.10 according to the README.
> I am using Apache 2.2.x
>
> Am I missing something? I thought that if I set that directive to the actual
> CAS certificate, it would validate it.
I get the same behavior. It appears that curl is requiring the root
CA, at least on my test server.
> I am also bewildered as to why the process works when I *don't* specify the
> directive, as I can't seem to find the complete trust chain in the default
> certs folder ('/etc/ssl/certs/').
Is the root CA in there? Point CASCertificatePath to an empty
directory if you want to see it just fail.
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
