It's vitally important that you identify the truststore to which the following certificate is added:
> adding as trusted cert:
>   Subject: CN=cas.test1.test2.test3.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
>   Issuer: CN=cas.test1.test2.test3.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
>   Algorithm: RSA; Serial number: 0x5f313435
>   Valid from Wed Mar 30 14:42:25 EDT 2011 until Tue Jun 28 14:42:25 EDT 2011

My hunch is that you're adding the above cert to the tomcat connector trust store, not the system store. The java.net code used by the CAS validators uses trust material from the system truststore, $JAVA_HOME/jre/lib/security/cacerts. Your CAS server cert must be added to the client's system truststore as a trustedCert entry.

M
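One way to check which truststore a default JSSE client will load and whether the CAS server certificate is in it as a trusted certificate entry, as an added example that is not part of the original message. The class name `TrustStoreCheck` and the certificate file passed as the argument are hypothetical, and the fallback password `changeit` assumes the stock cacerts password has not been changed.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example (hypothetical class name): run it with the same JVM and the
// same -D options as the CAS client application.
public class TrustStoreCheck {

    // Default JSSE lookup order: -Djavax.net.ssl.trustStore if set,
    // otherwise lib/security/jssecacerts, otherwise lib/security/cacerts.
    static File defaultTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return new File(override);
        }
        File sec = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(sec, "jssecacerts");
        return jsse.exists() ? jsse : new File(sec, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreCheck <server-cert.pem|.der>");
            System.exit(2);
        }
        Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        File store = defaultTrustStore();
        // Assumption: stock password unless overridden on the command line.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pass.toCharArray());
        }
        // getCertificateAlias also matches key entries, so confirm the entry type.
        String alias = ks.getCertificateAlias(cert);
        boolean trusted = alias != null && ks.isCertificateEntry(alias);
        System.out.println("truststore in use: " + store.getAbsolutePath());
        System.out.println(trusted
                ? "certificate present as trusted cert entry, alias: " + alias
                : "certificate NOT present as a trusted cert entry");
        System.exit(trusted ? 0 : 1);
    }
}
```

If the reported path is not the store the certificate was imported into, the import went to a different truststore than the one the client JVM reads.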
