First, you should know the CAC is a keystore, so it has a keystore password.
Second, you should enter the CAC password when your browser prompts password input. When setting up the SSL, your browser will try to read the keystores in your client until it can find a match one or failed. More details of your knowledge background and the target scenarios will help the others to know where you are. For example: Does your OS also using this card to login? Does your web system trust public key got from SSL? Regards, Shi Yusen/Beijing Langhua Ltd. 在 2009-07-14二的 16:46 -0700,David Allender写道: > Update: > > I solved the problem. I had to add another </bean> at the end of the > added x509check. Now it just prompts for the activeclient password and > if i click cancel enough times, it'll finally redirect me to the cas > login page. > > Can it be the deployerConfigContext.xml? or can it be something else. > I believe I'm having troubles with the whole "<property > name="identifier" value="$CN" />" and which class to use...it explains > in http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates but I'm > still a bit confused. > > Theres the keystore ./keystore in my home directory(c:\documents and > settings\username\) and a trust store in both > jdk1.6.0_10\jre\lib\security\cacerts AND jre6\lib\security\cacerts. > I can use keyman to open up the keystores and truststores to see what is > inside them and I sorta get the picture of what is in them. Certificate > Authority is in the trust store, and self signed certificates are in my > ./keystore. > > now aside from all that, there are the CAC card certificates which I > have to deal with. Can anyone help dumb it down a little so I can try > to see this a different way? Maybe analogies might help? Thank you > again in advance. > > -David > > Marvin S. Addison wrote: > >> I'm still trying to figure out how I can use those certificates and > >> automatically authenticate them using CAS so CAS can just pass the > >> ticket as soon as they see that there is the certificate there. > > > > You can certainly do this. > > http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates has > > excellent instructions. > > > > M > > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
