> Thanks for your reply. I am interested in your wording "fully-qualified > hostname".
I suppose "fully-qualified domain name (FQDN)" is more common, but the phrase above is a fairly common synonym. http://en.wikipedia.org/wiki/Hostname for more details. > I am using a wildcard certificate now. Is it a problem? Depends. The JSSE support for wildcards is very specific; for example the wildcard does not apply to subdomains. And I'm not entirely certain wildcard support is enabled by default. See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html for more information. I should note that matters of certificate trust are entirely outside the scope of CAS; certificate trust is configured in the JRE and servlet container. In your particular case it's a matter of configuration in the _system_ truststore since the service manager is itself protected by CAS and the Java CAS client is failing on the certificate check that happens as a matter of making an HTTPSUrlConnection to validate the ticket. The truststore used in that case is the system one controlled by javax.net.trustStore system property. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
