> 1) Can the certificate be applied at the Apache level or does it have
> to be applied on the Tomcat level?

Neither.  The exception you quoted below is an SSL trust problem with
the JVM and has nothing to do with the key/truststores used by Tomcat:

> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target

You must install the self-signed certificate of the CAS server into
the system truststore on the portal host.  The default location of the
system truststore is $JAVA_HOME/jre/lib/security/cacerts.

> 2) Once the SSL works, do I simply remove the
> BROKEN_SECURITY_ALLOW_NON_SSL init parameter from the uPortal web.xml?

In order to get proxy ticket validation working, the CAS server must
also trust the certificate presented by the portal.  In your case
where you're using a self-signed cert for uPortal as well, you'll need
to import the portal certificate into the CAS server system
truststore.  In the end you import the self-signed certs of both hosts
into the system truststores of their partners.

M
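
The truststore exchange described in the reply above, as an added example that is not part of the original message. The function names, the host name cas.example.org, the alias and the file names are hypothetical; the second path checked is the JDK 9+ layout, which the reply does not mention.

```shell
# Added example, not from the thread. Function names, host names, aliases
# and file names are hypothetical.

# Print the system truststore path for a given JAVA_HOME. Checks the
# location named in the reply first, then the JDK 9+ layout (no jre/ dir).
locate_cacerts() {
    for candidate in "$1/jre/lib/security/cacerts" \
                     "$1/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts found under $1" >&2
    return 1
}

# Save the certificate a TLS server presents as PEM: host, port, output file.
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# Import a PEM certificate into a truststore under an alias, then list the
# entry so its fingerprint can be checked. Arguments: store, alias, PEM file.
# "changeit" is the default cacerts password; override it with STOREPASS.
trust_cert() {
    ts_pass="${STOREPASS:-changeit}"
    keytool -importcert -noprompt -alias "$2" -file "$3" \
        -keystore "$1" -storepass "$ts_pass" || return 1
    keytool -list -alias "$2" -keystore "$1" -storepass "$ts_pass"
}

# Usage on the portal host (run the mirror image on the CAS host, importing
# the portal certificate instead):
#   store=$(locate_cacerts "$JAVA_HOME")
#   fetch_server_cert cas.example.org 443 cas.pem
#   openssl x509 -in cas.pem -noout -fingerprint -sha256
#   trust_cert "$store" cas-selfsigned cas.pem
```

Compare the printed SHA-256 fingerprint with the one read from the certificate file on the issuing host before importing, since a certificate fetched over the network is otherwise trusted on first use. Restart the JVM afterwards so it rereads the truststore.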
