Bernard, have a look here: http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html
It's a tutorial for setting up X.509 client authentication with Apache, but the same principles apply to CAS. In short:

1. Generate a private key for the client
2. Create a certificate signing request for the key from #1
3. Sign the CSR with the server's CA and private key
4. Convert the signed CSR to PKCS12 (a .p12 file)
5. Import the .p12 into the client's browser of choice

Sounds complicated but it really isn't; you can automate it with a 10-line shell script.

To reiterate:

> Should I copy the .crt file from CAS Server and put it on my local machine?
> Please tell me how.

No. You use the .crt to sign the CSR.

> What should be done in client ends.

Import the .p12 file into the browser. For example, in Firefox:

Preferences > Advanced > Encryption > View Certificates > Your Certificates > Import

You don't need to import the client's private key separately; it's part of the .p12.

Hope that helps!
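Steps 1 to 4 of the procedure in the reply above, written out with the openssl CLI as an added example; it is not part of the original message or the linked tutorial. The function names, file names, the `P12_PASS` variable and the throwaway demo CA are assumptions, and the `clientAuth` key-usage restriction and the chain check go slightly beyond what the reply lists.

```shell
#!/bin/sh
# Added example: steps 1-4 of the procedure above with the openssl CLI.
# Paths, the CN and P12_PASS are assumptions, not values from the original post.

# Constructed throwaway CA so the example runs offline; in a real deployment
# use the existing CA certificate and key instead of calling this.
make_demo_ca() {  # usage: make_demo_ca <dir>
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
          -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null )
}

issue_client_cert() {  # usage: issue_client_cert <ca.crt> <ca.key> <cn> <outdir>
    ca_crt=$1 ca_key=$2 cn=$3 out=$4
    : "${P12_PASS:?export P12_PASS with the .p12 import password}"
    ( umask 077   # key material must not be group/world readable
      # 1. private key for the client
      openssl genrsa -out "$out/client.key" 2048 2>/dev/null &&
      # 2. CSR for that key
      openssl req -new -key "$out/client.key" -subj "/CN=$cn" -out "$out/client.csr" &&
      # 3. sign the CSR with the CA; restrict the certificate to client auth
      printf 'extendedKeyUsage=clientAuth\n' > "$out/client.ext" &&
      openssl x509 -req -in "$out/client.csr" -CA "$ca_crt" -CAkey "$ca_key" \
          -CAcreateserial -days 365 -sha256 -extfile "$out/client.ext" \
          -out "$out/client.crt" 2>/dev/null &&
      # sanity check: the new certificate must chain to the CA
      openssl verify -CAfile "$ca_crt" "$out/client.crt" >/dev/null &&
      # 4. bundle key + certificate as PKCS#12; the password is read from the
      #    environment so it does not appear in the process list
      openssl pkcs12 -export -inkey "$out/client.key" -in "$out/client.crt" \
          -certfile "$ca_crt" -name "$cn" -passout env:P12_PASS \
          -out "$out/client.p12" )
    # 5. import client.p12 into the browser by hand
}
```

`-CAcreateserial` writes a `.srl` serial file next to the CA certificate, so the CA directory must be writable by whoever runs the signing step.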
