After I finished trying to use the truststore supplied with the sample application, I changed my application to use my truststore, but forgot to update the CAS server to present my self-signed certificate. Once I updated the server config to supply my certificate, it worked (although I am being sent to the default page rather than the requested page). I am still confused why the keystore/truststore supplied with the sample application won't work with my application, but at least everyone is happy with the certificate now.
-----Original Message-----
From: Marvin Addison [mailto:[email protected]]
Sent: Monday, March 15, 2010 9:26 PM
To: [email protected]
Subject: Re: [cas-user] SSL certificate problems

Here is the localhost certificate that is in your truststore:

adding as trusted cert:
  Subject: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Algorithm: RSA; Serial number: 0x4b9ac554
  Valid from Fri Mar 12 17:51:00 EST 2010 until Thu Jun 10 18:51:00 EDT 2010

Here is the localhost certificate presented by your CAS server:

  Subject: CN=localhost, OU=Spring Security Sample Applications, O=Spring Security, L=Glasgow, ST=Scotland, C=GB
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  ...
  Issuer: CN=Spring Security Test CA, OU=Spring Security, O=Spring Framework, L=Glasgow, ST=Scotland, C=GB

Clearly these are not the same localhost certificate. In general it's best to add the issuing certificate to the truststore, the CN=Spring Security Test CA certificate in this case.

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
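
The comparison made in the quoted message, as an added example that is not part of the original thread: it parses the Subject/Issuer lines from the debug output and reports whether the presented certificate or its issuer appears in the truststore. The function names and result labels are this example's own, and DN matching is only a triage heuristic, since real path validation also verifies signatures.

```python
import re

# Subject/Issuer lines copied from the debug output quoted in the message above.
TRUSTSTORE_DEBUG = """\
adding as trusted cert:
  Subject: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Issuer: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
"""
SERVER_DEBUG = """\
  Subject: CN=localhost, OU=Spring Security Sample Applications, O=Spring Security, L=Glasgow, ST=Scotland, C=GB
  Issuer: CN=Spring Security Test CA, OU=Spring Security, O=Spring Framework, L=Glasgow, ST=Scotland, C=GB
"""

def normalize_dn(dn):
    """Canonicalise a DN: upper-case attribute types, case-fold values."""
    # Naive comma split: enough for these DNs, not for values with escaped commas.
    pairs = (rdn.strip().partition("=") for rdn in dn.split(","))
    return tuple((k.strip().upper(), v.strip().lower()) for k, _, v in pairs)

def parse_certs(debug_text):
    """Return a list of (subject, issuer) for each Subject/Issuer pair found."""
    certs, subject = [], None
    for line in debug_text.splitlines():
        m = re.match(r"\s*(Subject|Issuer):\s*(.+)", line)
        if not m:
            continue  # skips "Signature Algorithm:", "Valid from", "..." etc.
        if m.group(1) == "Subject":
            subject = normalize_dn(m.group(2))
        elif subject is not None:
            certs.append((subject, normalize_dn(m.group(2))))
            subject = None
    return certs

def diagnose(trusted, presented):
    """Classify each presented certificate against the truststore entries."""
    trusted_subjects = {s for s, _ in trusted}
    trusted_cns = {dict(s)["CN"] for s in trusted_subjects if "CN" in dict(s)}
    findings = []
    for subject, issuer in presented:
        if (subject, issuer) in trusted:
            findings.append("same-dn-entry-present")
        elif issuer in trusted_subjects:
            findings.append("issuer-in-truststore")
        elif dict(subject).get("CN") in trusted_cns:
            findings.append("same-cn-different-cert")  # the case in this thread
        else:
            findings.append("untrusted")
    return findings
```

On the thread's data the result is `same-cn-different-cert`; adding an entry whose subject is the CN=Spring Security Test CA DN changes it to `issuer-in-truststore`.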
