Thanks. I will probably find the config lines needed to turn on the appropriate logging, but in case I miss something, and you have it readily available, would you mind pointing out how I turn on "logging to the max"?
On Mon, Sep 30, 2013 at 7:12 PM, Marvin S. Addison <[email protected] > wrote: > The CAS-login works fine, but when I get redirected back to my >> apache after logging in, I get: "Could not perform SSL handshake >> with example.casserver.com (check CASCertificatePath)". >> > > I would recommend turning up logging. mod_auth_cas uses curl under the > hood, and it should log details about the certificate it's having > trouble with. > > > I checked CASCertificatePath, and I verified it points to the >> correct certificate(certificate of the CAS-server). >> > > Additional logging should help verify or refute that statement. > > > keytool -genkey -keyalg "RSA" -dname Is this the problem? >> > > Nothing wrong there. > > > Does mod_auth_cas require the certificate to be CA-signed, for >> instance by creating my own CA for the network using TinyCA2? >> > > There are no particular issuer requirements on certificates used by CAS > components. Strictly speaking, the SSL machinery is controlled by > libraries (Java on the server side, libssl on the Apache/mod_auth_cas > side) outside CAS. > > Or is a normal self signed ceritificate ernough? >> > > That will work fine when configured properly, but it's uncommon to use for > anything other than initial setup and testing. > > > M > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- Henrik Kjus Alstad -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
