If I remember correctly the self-signed won't have a root CA. The server certificate will need to be imported using keytool with the -trustcacerts switch. It can be in the keystore but if it is not a trusted cert things won't go well.
If you run keytool -list -keystore cacerts -v look to see if the "Entry type:" for the alias of the self-signed cert is trustedCertEntry From: Schawn E. Thropp [mailto:[email protected]] Sent: Friday, January 04, 2013 2:27 PM To: [email protected] Subject: Re: [cas-user] SSL error with LDAP Marvin, System truststore? do you mean the JRE cacerts? when i checked this it seems to have the self-signed cert in it. ________________________________ From: Marvin Addison <[email protected]<mailto:[email protected]>> To: [email protected]<mailto:[email protected]> Sent: Friday, January 4, 2013 3:00 PM Subject: Re: [cas-user] SSL error with LDAP > Thank you, but I need help understanding a little more. I thought for > development purposes this was OK? Is self-signed not the way to go? > Is there a way to override this behavior or can I not use a self-signed > cert? Simply add the self-signed cert to the system truststore and you should be good to go. There's nothing wrong with self-signed certs per se, but they do require additional work. https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide has some documentation that may help you; in particular, the "Import Trusted Certificate" section. M -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
