> My question is, why my first aproach didn't work ? Citing my response to your post on tomcat-users:
Likely because you specified the APR connector somewhere in your connector config, yet the SSL instructions you cited for CAS describe the setup for the pure-java connectors. APR is a different (but friendly) beast. > and what should be > the best way to configure SSL for CAS? There's no best way. SSL setup depends on several considerations: - Desired performance and available characteristics of your servlet container - Maintenance considerations (e.g. recompiling APR for new Tomcat installs) - Expertise We've been using the APR connectors for Tomcat here at VT for ages and are perfectly satisfied for a few reasons: - Uses of OpenSSL under the hood, with enables avoiding keystore management - Provides directives similiar to mod_ssl which is both familiar to us and well documented - Performance characteristics are arguably the best of any of the available connectors If you don't like dealing with native code in Java apps, then the APR connectors might not be for you. In any case this is much more a consideration for the underlying servlet container than CAS per se. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
