Fernando, Cas does not need its own certificates. You may have to add self signed certs (or the root CA) to the java keystore.
See here for some tips, https://apereo.github.io/cas/6.3.x/installation/Troubleshooting-Guide.html Ray On Tue, 2021-08-03 at 16:55 -0700, Fernando Bárcenas Martínez wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Thanks for the reply! I'm not having any problems. I will deploy CAS to production in a few weeks and due some other infrastructure changes I'm forced (but happy) to do, I will need a new certificate. As I said, the Tomcat instances I have are already configured to be signed with CA certificates, and since Apache use them too, it means I only need to update those files to get it all working again. I'm just lazy and due those 'mixed experiences' with jks containers I was curious if I could just use my certificates so CAS is signed as well once I get the new files. That being said, it just seems that I'll just need to spend some extra time and calmly work out the jks file, which is not really a bad thing. El martes, 3 de agosto de 2021 a las 18:20:08 UTC-5, Ray Bon escribió: Fernando, I use commands from ssl shopper, https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html Cas does not use CA issued certificates, the container does. What is the problem you are trying to solve (if tomcat already has the certificates, or are these self signed)? Ray On Tue, 2021-08-03 at 15:09 -0700, Fernando Bárcenas Martínez wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, I'm wondering if there is any way to add my SSL cert files that I use for Apache. I know that you usually do this using a jks file, but so far I've had mixed experiences importing .pems to jks and the Tomcat instance I use already use the credentials in .pem format. The changes will need to be done to the productoin server, so I have little time to fiddle around in case my jks file is not correct. Or will CAS "know" the Tomcat instance it's in is certified? Thanks! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc1cb29231a181378f72cb0340ff8b1038283adf.camel%40uvic.ca.
