SOLVED Hello, just wanted to add these information to the archive in case someone has the same problem and finds my post..
Problem: Even certificate from compc (apache) is added to the keystore, tomcat throws something like javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching compc found I finally solved this issue. Get the "server.crt" (that one which is used by apache) from compc and copy it to compb. On compb add it to the keystore with something like C:\Programme\Java\jdk1.6.0_20\bin>keytool -import -alias compc -file compc.crt - keystore ..\jre\lib\security\cacerts (I renamend server.crt from compc to compc.crt just to remember). I did these quite often, but I still got the above quoted exception. NOW TO SOLVE THIS PROBLEM: Make sure the urls in the filter-Config (in the web.xml) for CAS has fullqualified domain names. In detail: So, in my example all machines got dns-entries from my domain a1317.de. The whole thing started working as I changed (for example): <param-value>https://compc:443/cas/serviceValidate</param-value> to <param-value>https://compc.a1317.de:443/cas/serviceValidate</param-value> (all URLs in the config should be changed to full qualified). PS: And make sure in the certificate CN is the name of the server, in my case compc.a1317.de -- View this message in context: http://jasig.275507.n4.nabble.com/Problem-with-Demo-ProxyPass-and-SSL-tp2278918p2296112.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
