Florent, Have you added the certificate to your apache FRONT?
Ray

On Sun, 2018-01-07 at 16:35 -0800, Florent Thomas wrote:

Hello everyone,

Happy new year.

I have an issue with proxying for which I cannot manage to find a solution. I'm running the latest 5.2 gradle overlay and have an apache reverse proxy in front of the CAS instance.

WAN <==> FRONT (HTTPS) <==> CAS (AJP)

The SSL is provided by Let's Encrypt. I made a keystore, added the cert into the keystore and then added it into my CAS server (thanks to https://maximilian-boehm.com/en-gb/blog/create-a-java-keystore-jks-from-let-s-encrypt-certificates-1884000/ and https://apereo.github.io/cas/developer/Build-Process.html#configure-ssl).

I added the certificate into the global keystore with success and checked that the cert is in both the global keystore and the one used by CAS. Both know my domain. The /etc/hosts of my CAS instance has the domain associated with its IP.

Here is my conf:

    #server.port=8080
    cas.server.name: https://domain.tld
    cas.server.prefix: https://domain.tld/cas

    #Service declarations
    cas.serviceRegistry.initFromJson=true
    cas.serviceRegistry.config.location=file:/etc/cas/config

    # LDAP Authentication Source
    logging.config: file:/etc/cas/config/log4j2.xml

    #Proxy part working with AJP reverse proxy :
    #Activate the options for secure connections
    # https://discuss.pivotal.io/hc/en-us/articles/202650798--Archived-How-can-Tomcat-redirect-to-a-secure-connection-when-behind-a-reverse-proxy-web-server-1037406-
    cas.server.ajp.secure=true
    cas.server.ajp.enabled=true
    #cas.server.ajp.proxyPort=443
    cas.server.ajp.protocol=AJP/1.3
    cas.server.ajp.asyncTimeout=5000
    cas.server.ajp.scheme=https
    cas.server.ajp.maxPostSize=20971520
    cas.server.ajp.port=8080
    cas.server.ajp.enableLookups=false
    cas.server.ajp.redirectPort=443
    cas.server.ajp.allowTrace=true
    cas.server.ajp.attributes.attributeName=attributeValue

    # SSL
    server.ssl.enabled=true
    #https://apereo.github.io/cas/developer/Build-Process.html#configure-ssl
    #https://github.com/apereo/cas-gradle-overlay-template#deployment
    server.ssl.keyStore=file:/etc/cas/cas-auth.jks
    server.ssl.keyStorePassword=11111
    server.ssl.keyPassword=11111

With this conf, I succeed in using the web login directly, but I also need to use OAuth, and during the callback I get a java.security.cert.CertificateException: No name matching

And it's really weird because all the keystores are matching my domain.tld.

Any advice / help would be appreciated.

regards

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
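Added diagnostic (editor's example; not code from this thread, from CAS or from the JDK): a small Java tool that opens a JKS keystore and reports, for every certificate in it, which names the JDK's hostname check would accept. It mirrors the rule the JDK applies: dNSName entries in the subjectAltName extension are consulted first, and the subject CN is only used as a fallback when the certificate carries no dNSName entry at all, which is the case that produces the "No name matching ... found" message. The class name `KeystoreNameCheck`, its three command-line arguments and the simplified wildcard rule (a `*` is honoured only as the whole left-most label and must be followed by at least two labels) are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Example diagnostic (not part of the thread): list the names each certificate in a
// keystore is valid for and say whether a given hostname would pass the JDK's check.
public class KeystoreNameCheck {

    // dNSName entries of the subjectAltName extension (GeneralName type 2), lower-cased.
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == 2) {
                    names.add(((String) san.get(1)).toLowerCase(Locale.ROOT));
                }
            }
        }
        return names;
    }

    // Subject CN, or null when the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) {
                return rdn.getValue().toString().toLowerCase(Locale.ROOT);
            }
        }
        return null;
    }

    // Simplified RFC 6125 matching (assumption of this example): exact, case-insensitive
    // match, or a wildcard as the whole left-most label matching exactly one label.
    static boolean matches(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) {
            return host.equals(pattern);
        }
        String suffix = pattern.substring(1);          // ".domain.tld"
        if (suffix.indexOf('.', 1) < 0) {
            return false;                              // refuse "*.tld"
        }
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(suffix);
    }

    // Same precedence as the JDK: SAN dNSName entries win; CN is a fallback only when
    // the certificate has no dNSName entry at all.
    static boolean certMatchesHost(X509Certificate cert, String host) throws Exception {
        List<String> sans = dnsNames(cert);
        if (!sans.isEmpty()) {
            for (String name : sans) {
                if (matches(host, name)) {
                    return true;
                }
            }
            return false;
        }
        String cn = commonName(cert);
        return cn != null && matches(host, cn);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreNameCheck <keystore.jks> <storepass> <hostname>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        boolean anyMatch = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) c;
            boolean ok = certMatchesHost(x, args[2]);
            anyMatch |= ok;
            System.out.printf("%s: CN=%s SAN=%s -> %s%n",
                    alias, commonName(x), dnsNames(x), ok ? "matches" : "NO MATCH");
        }
        System.exit(anyMatch ? 0 : 1);
    }
}
```

Run it as `java KeystoreNameCheck /etc/cas/cas-auth.jks <storepass> domain.tld`. Keep in mind that an outbound HTTPS call made by CAS, such as the OAuth callback to its own `cas.server.prefix`, is verified against the certificate presented by whatever answers at that hostname, which in the layout above is the Apache FRONT, not against the keystore CAS serves from. To compare the two, `keytool -printcert -sslserver domain.tld:443` shows the certificate the front end actually presents, and its SAN list can be checked against the output of this tool.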
