The certificate indicates that the 'server' (Tomcat, jBoss, etc) is to be trusted, not the app.
So, if CAS and the applications are in the same server, you need only one certificate. If you use more than one server, and use self-signed certificates... you are in for some pain. All of the self-signed certificates have to be trusted in all of the servers, or you'll have problems with calls between apps and CAS (in a browser you get a prompt telling you the certificate looks bogus - but an app does not have that prompt, it just fails). -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
