I would look at the tomcat Catalina logs, they should be able to tell you what is going wrong. I always start with there.
From: Kaushik Chowdhury [mailto:[email protected]] Sent: Tuesday, November 20, 2012 8:24 AM To: [email protected] Subject: [cas-user] issue with https login Hi, I tried to generate the key and import that to the store C:\Program Files\Java\jdk1.6.0_33\bin>keytool -genkey -alias tomcat -keypass cha ngeit -keyalg RSA Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: A15036A1D.corp.ads.valuelabs.net What is the name of your organizational unit? [Unknown]: valuelabs What is the name of your organization? [Unknown]: valuelabs What is the name of your City or Locality? [Unknown]: hyd What is the name of your State or Province? [Unknown]: ap What is the two-letter country code for this unit? [Unknown]: in Is CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST=ap, C=in correct? [no]: yes C:\Program Files\Java\jdk1.6.0_33\bin>keytool -export -alias tomcat -keypass cha ngeit -file server.crt Enter keystore password: Certificate stored in file <server.crt> C:\Program Files\Java\jdk1.6.0_33\bin>keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts Enter keystore password:changeit Owner: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, ST =ap, C=in Issuer: CN=A15036A1D.corp.ads.valuelabs.net, OU=valuelabs, O=valuelabs, L=hyd, S T=ap, C=in Serial number: 50ab4c3f Valid from: Tue Nov 20 14:54:15 GMT+05:30 2012 until: Mon Feb 18 14:54:15 GMT+05 :30 2013 Certificate fingerprints: MD5: 04:57:C9:22:5F:EA:BC:8D:8E:2A:A9:29:56:2D:5C:BF SHA1: 91:A1:3E:58:31:63:1F:0B:CD:CE:DE:E2:FB:E0:F3:D5:83:CA:3A:CD Signature algorithm name: SHA1withRSA Version: 3 Trust this certificate? [no]: yes Certificate was added to keystore I deployed the cas.war in tomcat6. Then access to https://a15036a1d.corp.ads.valuelabs.net:8443/cas gives Internet Explorer cannot display the webpage However access to http version shows up the cas login page, with SSO disabled. http://a15036a1d.corp.ads.valuelabs.net:8080/cas/login -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
