On Wed, Aug 12, 2015 at 2:59 PM, Waldbieser, Carl <waldb...@lafayette.edu> wrote: > > I have mod_auth_cas protecting a web site. > If I *don't* set `CASCertificatePath`, then everything works how I would > expect (CAS authenticates user, service ticket validated, user identifed to > site via REMOTE_USER). > However, if I set `CASCertificatePath` to the full path of a PEM file > containing the certificate of my CAS server, I get an "Authorization > Required" error. The debug logs show: > > MOD_AUTH_CAS: curl_easy_perform() failed (Peer certificate cannot be > authenticated with known CA certificates) > > I am using MOD_AUTH_CAS 1.0.10 according to the README. > I am using Apache 2.2.x > > Am I missing something? I thought that if I set that directive to the actual > CAS certificate, it would validate it.
I get the same behavior. It appears that curl is requiring the root CA, at least on my test server. > I am also bewildered as to why the process works when I *don't* specify the > directive, as I can't seem to find the complete trust chain in the default > certs folder ('/etc/ssl/certs/'). Is the root CA in there? Point CASCertificatePath to an empty directory if you want to see it just fail. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user