Hi,

I resolved my earlier problems with HTTPS and SSL certificates and have
gotten as far as obtaining the proxy granting ticket, but just when I
thought I was past my HTTPS woes, I have run into another SSL-related
issue.

Right now I am using self-signed certificates and will be for a while.

I am trying to use Cas20ProxyRetriever to retrieve the proxy ticket and
it requires an Apache Commons HttpClient to operate. I have tried both
by using a default HttpClient directly injected and by using the
HttpClient3FactoryBean. I have not yet found a combination that accepts
my self-signed certificates. I get a
javax.net.ssl.SSLPeerUnverifiedException each time I invoke
getProxyTicketIdFor and pass the httpClient and service name.

I assume I need to somehow point the httpClient to a trust store
containing the self-signed certificate from the CAS server, but I
haven't yet been able to see how to do that. The CAS server certificate
has already been loaded into the JRE trust store and the other CAS
client code (e.g. the proxyValidate call to validate the original
service ticket) seems to be working OK, but my custom use of
Cas20ProxyRetriever is not.

The documentation on HttpClient3FactoryBean is pretty sparse so I just
made a guess and tried setting strict and useStrictHostNameChecking to
false. The error changed from javax.net.ssl.SSLPeerUnverifiedException
to

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Caused by: java.io.EOFException: SSL peer shut down incorrectly

What do I need to do to make this work?

Help?

Bill Bailey
Senior Developer / DBA
Northland, A Church Distributed

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
