Just in case it helps, here are the details of getting a wildcard cert working in Oracle WebLogic / Oracle wallet: http://beanbag.technicalissues.us/2013/02/using-oracle-wallet-with-wildcard-certificates/
Might help with jboss too... not sure. -- Gene Liverman Systems Administrator Information Technology Services University of West Georgia [email protected] 678.839.5492 ITS: Making Technology Work for You! This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return mail, delete this message, and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal or actionable by law. On Dec 20, 2013 8:42 AM, "Marvin Addison" <[email protected]> wrote: > > Thanks for your reply. I am interested in your wording "fully-qualified > > hostname". > > I suppose "fully-qualified domain name (FQDN)" is more common, but the > phrase above is a fairly common synonym. > http://en.wikipedia.org/wiki/Hostname for more details. > > > I am using a wildcard certificate now. Is it a problem? > > Depends. The JSSE support for wildcards is very specific; for example > the wildcard does not apply to subdomains. And I'm not entirely > certain wildcard support is enabled by default. See > > http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html > for more information. I should note that matters of certificate trust > are entirely outside the scope of CAS; certificate trust is configured > in the JRE and servlet container. In your particular case it's a > matter of configuration in the _system_ truststore since the service > manager is itself protected by CAS and the Java CAS client is failing > on the certificate check that happens as a matter of making an > HTTPSUrlConnection to validate the ticket. The truststore used in that > case is the system one controlled by javax.net.trustStore system > property. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
