Cr0n, Although my suspicion isn’t related to an IE specific issue, I would check to make sure your Apache server support supports SNI. http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
On IE, when you get the error about the certificate name not matching, when you look at the certificate itself (inside IE) what hostname is it valid for? Are you doing NameVirtualHosts? If you are using NameVirtualHosts and your version of Apache doesn’t support SNI, you may be serving the same SSL certificate for both Virtual Hosts even if it is configured not to. Regards, Patrick -----Original Message----- From: cr0n [mailto:[email protected]] Sent: Wednesday, April 04, 2012 5:13 AM To: [email protected] Subject: [cas-user] SSL validation failed on IE Hi everybody, I would be very grateful if someone can help me with my issue. The problem is within IE browser and my reverse proxy setup which used mod_auth_cas and mod_proxy. I have two virtual hosts: 1. https://login.example.com : Redirect permanent / "https://login.example.com/auth/login?service=https://portal.example.com/"; <Location "/auth"> ProxyPass https://cas.intranet.com/auth ProxyPassreverse https://cas.intranet.com/auth </Location> Generally, this vhost is not casified. It's simple proxying requests to internal Tomcat where CAS server is deployed. 2. https://portal.example.com <Location /> AuthType CAS AuthName "CAS" Include conf.d/ldap.inc </Location> This vhost is my portal application. --- When I access "https://login.example.com"; I'm redirected to: https://login.example.pl/auth/login?service=https://portal.example.pl/ and it works fine from any browser. When I access directly portal address: "https://portal.example.com"; I'm redirected to https://login.example.pl/auth/login?service=https://portal.example.pl/ and it works fine too on Firefox,Opera, Chrome, Safari. The problem is with IE: Direct access to "https://portal.example.com"; gives me SSL warning: "There is a problem with a security certificate that Web site The security certificate presented by this website was issued for the address of another site. Security certificate problems may indicate an attempt to fool you or intercept data you send to the server." Any idea how to bypass this issue? -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
smime.p7s
Description: S/MIME cryptographic signature
