Thankyou for enduring with me... problem solved. I had gotten myself into a tangle with too many certificates and CAS servers floating around.
I'm sure this is trivial for most but for those as novice as me - to setup CAS on a server by itself: *Get the CAS application running using the yale website instructions... I used J2EE server .war version running in tomcat *On the same server generate a key with alias tomcat into a keystore... the cn property being the name of your cas server *Generate a certificate (.crt) from the key you just created *On the same server in the SSL connector in server.xml of tomcat... point to the keystore. (keystoreFile & keystorePass) *Copy the certificate you exported to your webserver or uPortal machine. *Import the cert into your java cacerts keystore on the webserver *Check that your webserver or uPortal application has the standard CAS filter within the web-app tag of web.xml, and the serverName property being the name of your web server, including the port 8080 if that's what you're running tomcat on. Cheers, Mike On 3/5/07, Mike Crawford <[EMAIL PROTECTED]> wrote:
I've added that and it gave no additional output. I tested it by making an obvious mistake and it seems to work though. I think my problem comes down to a basic lack of understanding of the certificates and keystores. On the CAS server, I created a private key with the same name as the CAS server, then exported a cert and imported that into cacerts on the CAS server. Then I copied the cert to the web server. On the web server I set the serverName part of my filter to be the webserver name, and imported the cert into the JVM keystore. This didn't work for me. I have tomcat running on both servers, the server.xml on the CAS server pointing to the private keystore.... and on the webserver I don't need to point to a private keystore? Do I have the basics right here? Make private keystore on CAS Server, send the cert to the webserver and import it into cacerts?? Thanks, Mike On 3/1/07, Marvin S. Addison <[EMAIL PROTECTED]> wrote: > > If you suspect a keystore/certificate issue of any kind, the Java SSL > debug output is indispensable in diagnosing the problem. Could you > perform a SSL debug trace by adding > > -Djavax.net.debug=ssl > > to your JVM startup parameters. This is easily done for Tomcat: create > a $TOMCAT_HOME/bin/setenv.sh file and add the line > > CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.debug=ssl" > > This will generate _a lot_ of data in $TOMCAT_HOME/logs/catalina.out by > default. If you could post what you think are relevant bits of that > output, we might be able to help further. > > Regards, > Marvin Addison > -- > Applications Programming Analyst > Collaborative Technologies Unit > Virginia Tech > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
