I solved this by just including the rest of the chain in the tomcat.jks by importing them with keytool -importkeystore -srckeystore chain.jks -destkeystore tomcat.jks.
-M

On Thursday, November 3, 2022 at 1:55:45 AM UTC-4 Michael Santangelo wrote:
> Hello all,
>
> I'm struggling with getting CAS to send the certificate chain properly and
> wondering if maybe I'm using the wrong lines in the config.
>
> Before this project I had:
> server.ssl.key-store=file:/path/to/ssl/tomcat.jks
> server.ssl.key-store-password=thepassword
>
> After some googling, I added
> server.ssl.truststore=file:/path/to/ssl/chain.jks
> server.ssl.truststorepassword=thepassword2
>
> However, when I run SSL scans against the site, it still reports that the
> chain isn't being sent.
>
> Is it different keys? Or should I just bake the chain into the tomcat
> file? Are there any aliases I should use specifically?
>
> Thanks.
> -M
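Added example, not part of the original messages: a JSSE server such as Tomcat presents the certificate chain stored with its private key entry, so one way to check a keystore after a change like the one above is to read the "Certificate chain length" that keytool -list -v reports for that entry. The function names, aliases and subject names below are constructed, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Added example: flag key entries that would make the server present only
# its leaf certificate. Real use (prompts for the keystore password):
#   keytool -list -v -keystore tomcat.jks | check_chain

check_chain() {   # reads `keytool -list -v` text on stdin
    awk '
    function report() {
        if (type != "PrivateKeyEntry") return   # trusted entries are never sent
        # One certificate that is not self-signed: intermediates are missing.
        status = (len == 1 && owner != issuer) ? "LEAF-ONLY" : "OK"
        if (status != "OK") bad = 1
        printf "%s chain=%d %s\n", alias, len, status
    }
    /^Alias name: / { report(); alias = substr($0, 13)
                      type = ""; len = 0; owner = ""; issuer = "" }
    /^Entry type: /               { type = substr($0, 13) }
    /^Certificate chain length: / { len = substr($0, 27) + 0 }
    # Only the first Owner/Issuer pair of an entry (the leaf) is kept.
    /^Owner: /  && owner == ""    { owner = substr($0, 8) }
    /^Issuer: / && issuer == ""   { issuer = substr($0, 9) }
    END { report(); exit bad + 0 }
    '
}

# Constructed sample shaped like keytool output; $1 = chain length (1 or 2).
sample() {
    cat <<EOF
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Constructed Root CA
Issuer: CN=Constructed Root CA
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: $1
Certificate[1]:
Owner: CN=cas.example.org
Issuer: CN=Constructed Intermediate CA
EOF
    [ "$1" -lt 2 ] || printf 'Certificate[2]:\nOwner: %s\nIssuer: %s\n' \
        "CN=Constructed Intermediate CA" "CN=Constructed Root CA"
}

sample 1 | check_chain || echo "key entry is missing its intermediates"
sample 2 | check_chain
```

The function exits non-zero when any key entry holds only a leaf certificate, so it can gate a deployment script. It cannot tell whether a longer chain is complete, only that one of length 1 is not.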
