Maybe it is just Monday and I'm missing something simple, but I assumed
I would just use 'openssl s_client -connect ldap.domain.edu:636', grab
the ldaps cert, import it into the keystore that my tomcat/cas is using
(with the trustcacerts option) and it would solve the problem. It didn't.
Wrong trust store -- that one affects the Tomcat http connector
components exclusively. You need to define the following in the Tomcat
setenv.sh environment configuration script:
CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.ssl.trustStore=$TRUSTSTORE"
CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.ssl.trustStoreType=BKS"
CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.ssl.trustStorePassword=changeit"
Where $TRUSTSTORE is the path to the truststore containing your LDAP
server certificate (chain).
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
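The procedure M describes, as an added example that is not code from the thread: fetch the LDAPS server certificate with openssl s_client, import it into a truststore dedicated to CAS's outbound TLS connections, and print the CATALINA_OPTS line for setenv.sh. It assumes openssl and keytool are on PATH; the truststore path, the alias and the JKS store type are assumptions (the thread uses BKS).

```shell
#!/bin/sh
# Added example, not from the thread: build a dedicated truststore for CAS's
# outbound LDAPS connection and emit the setenv.sh line that points the JVM at it.
# Assumes openssl and keytool on PATH; paths and alias are placeholders.
LDAP_HOST=${LDAP_HOST:-ldap.domain.edu}
LDAP_PORT=${LDAP_PORT:-636}
TRUSTSTORE=${TRUSTSTORE:-/opt/cas/ldap-truststore.jks}   # assumed location
STOREPASS=${STOREPASS:-changeit}
ALIAS=${ALIAS:-ldaps-server}

# Fetch the server's leaf certificate as PEM. </dev/null ends the session after
# the handshake; -servername sends SNI. The certificate's CN/SAN must still match
# LDAP_HOST, or Java's hostname check fails once the trust problem is solved.
fetch_ldaps_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM
}

# Import the PEM file into a JKS truststore, creating the store if it is absent.
import_cert() {
    keytool -importcert -noprompt -trustcacerts -storetype JKS \
        -alias "$ALIAS" -file "$1" -keystore "$2" -storepass "$3"
}

# The three JVM properties from the thread as one CATALINA_OPTS fragment. They set
# the javax.net.ssl defaults CAS uses for LDAPS, not the Tomcat HTTPS connector's keystore.
catalina_opts_for() {
    printf -- '-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStoreType=%s -Djavax.net.ssl.trustStorePassword=%s' \
        "$1" "$2" "$3"
}

# The line to append to $CATALINA_HOME/bin/setenv.sh.
setenv_lines() {
    printf 'CATALINA_OPTS="$CATALINA_OPTS %s"\n' "$(catalina_opts_for "$1" "$2" "$3")"
}

install_ldap_trust() {
    pem=$(mktemp) || return 1
    fetch_ldaps_cert "$LDAP_HOST" "$LDAP_PORT" > "$pem"
    import_cert "$pem" "$TRUSTSTORE" "$STOREPASS"
    rm -f "$pem"
    # Confirm the entry is present before touching Tomcat's configuration.
    keytool -list -keystore "$TRUSTSTORE" -storepass "$STOREPASS" -alias "$ALIAS" >/dev/null
    setenv_lines "$TRUSTSTORE" JKS "$STOREPASS"
}

# "install" does the real work; with no argument only the setenv.sh line is printed.
if [ "${1:-}" = install ]; then install_ldap_trust; else setenv_lines "$TRUSTSTORE" JKS "$STOREPASS"; fi
```

Run it as `sh ldap-trust.sh install` on the CAS host, then restart Tomcat so the new CATALINA_OPTS take effect.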