> Can I tell Tomcat/CAS to not validate certs, or do I really have > import that CA cert somewhere?
A colleague of mine pointed out that my initial answer is not entirely correct. I claimed it's not possible to disable SSL trust checks entirely. While this is true at the level you're asking, via Tomcat or JVM system property config, it is possible by setting a custom HostNameVerifier when making a HTTPS connection. CAS doesn't provide hooks to do this, although it's come up before in the context of proxy callbacks and would be a helpful configuration option, especially for test scenarios like yours. http://vt-middleware.googlecode.com/svn/vt-ldap/trunk/src/test/java/edu/vt/middleware/ldap/AnyHostnameVerifier.java provides an example of a HostnameVerifier that disables trust checking for the connections it applies to. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
