Michael, I assume you are running embedded tomcat and the process running tomcat has read access to the .jks. What certificate is being sent when you browse to cas/login? Are there any log errors on tomcat startup or page access?
Ray On Wed, 2022-11-02 at 12:44 -0700, Michael Santangelo wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello all, I'm struggling with getting CAS to send the certificate chain properly and wondering if maybe I'm using the wrong lines in the config. Before this project I had: server.ssl.key-store=file:/path/to/ssl/tomcat.jks server.ssl.key-store-password=thepassword After some googling, I added server.ssl.truststore=file:/path/to/ssl/chain.jks server.ssl.truststorepassword=thepassword2 However, when I run SSL scans against the site, it still reports that the chain isn't being sent. Is it different keys? Or should I just bake the chain into the tomcat file? Are there any aliases I should use specifically? Thanks. -M -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bab6114c8dd257569e5a96c4c1d17f30f619c1b3.camel%40uvic.ca.