"[Fri May 08 17:51:58 2015] [warn] RSA server certificate CommonName (CN) `10.30.3.105' does NOT match server name!?"
This means that the CN in the certificate doesn't match the hostname (or IP address) used to connect to it. If you initiate a connection to https://a.b.c.d/, the server must present a certificate with the CN set to "a.b.c.d", or at least "*.d" in the case of wildcards.

Best regards,
--
Carlos.

-----Original Message-----
From: Romov, Phil [mailto:[email protected]]
Sent: Friday, 08 May, 2015 13:55
To: [email protected]
Subject: Re: [cas-user] authentication failed using phpCAS and CI even though CAS is creating service tickets

I've confirmed that I can connect to the CAS server from the CI server (by doing telnet <casip> 8443 - connection established)

I've followed this
https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html
to extract the self signed cert from tomcat hosting CAS, to pem+key files for apache hosting CI; restarted apache, CI app still loads, so I'm assuming that takes care of adding the trusted cert store in CI apps host

I get the same "you were not authenticated" error (even though on cas web app the login succeeds) and in error_log on CI/apache side all I see is:

[Fri May 08 17:51:58 2015] [warn] RSA server certificate CommonName (CN) `10.30.3.105' does NOT match server name!?

Please let me know anything obvious I have missed, or any clues how to proceed

Thanks,
Phil

On 5/7/15, 4:48 PM, "Carlos M. Fernández" <[email protected]> wrote:

>Hi, Phil,
>
>Check that the CI app can resolve the CAS server's hostname, that it
>can connect to the CAS server, and that it trusts the CAS server's
>certificate. If you still have a self-signed certificate, you will need
>to add that to the trusted certificate store in the CI app's host. The
>error logs from the web server running the CI app should contain a hint
>of the actual cause.
>
>Best regards,
>--
>Carlos.
>
>-----Original Message-----
>From: Romov, Phil [mailto:[email protected]]
>Sent: Thursday, 07 May, 2015 16:41
>To: [email protected]
>Subject: [cas-user] authentication failed using phpCAS and CI even
>though CAS is creating service tickets
>
>Hi all,
>I'm working with CAS for the first time, I've got cas itself working
>and authenticating against our user store, so I can go through the
>web app and login there and it succeeds
>
>Now I'm trying to get my code igniter web app to use CAS. I've started
>with this example:
>https://github.com/eliasdorneles/code-igniter-cas-library
>
>When I run it, on the cas side in cas.log I'm seeing stuff like
>(10.24.71.107 is my CI app, and 10.30.3.105 is the working cas web app)
>
>2015-05-07 20:32:11,390 INFO
>[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
>ticket [ST-5-15WSI4vQZVjP62A2hqFO-cas.bigdev] for service
>[https://10.24.71.107/auth] for user [[email protected]]
>
>2015-05-07 20:32:11,390 INFO
>[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
>Audit trail record BEGIN
>
>=============================================================
>
>WHO: [email protected]
>
>WHAT: ST-5-15WSI4vQZVjP62A2hqFO-cas.bigdev for
>https://10.24.71.107/auth
>
>ACTION: SERVICE_TICKET_CREATED
>
>APPLICATION: CAS
>
>WHEN: Thu May 07 20:32:11 UTC 2015
>
>CLIENT IP ADDRESS: 10.6.1.22
>
>SERVER IP ADDRESS: 10.30.3.105
>
>=============================================================
>
>However, on my CI app (after waiting 30 seconds or so) I get back:
>CAS Authentication failed!
>
>You were not authenticated.
>
>You may submit your request again by clicking
>here<https://10.24.71.107/auth>.
>
>If the problem persists, you may contact the administrator of this
>site<mailto:[no%20address%20given]>.
>
>________________________________
>phpCAS 1.3.3 using server
>https://10.30.3.105:8443/cas-server-webapp-4.0.0/ (CAS 2.0)
>
>Please let me know if there is something obvious I am missing, or where
>I can start looking for clues if not cas.log
>
>Thanks,
>Phil
>
>--
>You are currently subscribed to [email protected] as:
>[email protected] To unsubscribe, change settings or access archives,
>see http://www.ja-sig.org/wiki/display/JSG/cas-user
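
The name check discussed at the top of this thread, as an added example that is not part of the original messages: a simplified version of the comparison a TLS client makes between the name in the URL and the names in the certificate. The certificate dicts are constructed samples in the shape of Python's `ssl.SSLSocket.getpeercert()`, `cas.example.org` is a hypothetical hostname, and the rules assumed are SAN entries first, CN only as a legacy fallback, and a wildcard covering a single label.

```python
import ipaddress

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
CN_ONLY = {"subject": ((("commonName", "10.30.3.105"),),)}  # CN from the log line
WITH_SAN = {"subject": ((("commonName", "10.30.3.105"),),),
            "subjectAltName": (("DNS", "*.example.org"),)}  # hypothetical name


def _dns_match(pattern, host):
    """Exact match, or '*' as the whole left-most label standing for one label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        first, _, rest = h.partition(".")
        return bool(first) and rest == p[2:]
    return False


def cert_matches(cert, connect_name):
    """True if the name the client put in the URL is covered by the certificate."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    try:
        ip = ipaddress.ip_address(connect_name)
    except ValueError:
        ip = None
    if ip is not None and any(ipaddress.ip_address(v) == ip for v in ips):
        return True
    if ip is None and any(_dns_match(p, connect_name) for p in dns):
        return True
    # Legacy fallback: the CN counts only when the certificate carries no SAN
    # names at all; some current clients ignore the CN entirely.
    if not dns and not ips:
        if ip is not None:  # wildcards never apply to IP addresses
            return connect_name in cns
        return any(_dns_match(p, connect_name) for p in cns)
    return False


if __name__ == "__main__":
    for cert, label in ((CN_ONLY, "CN only"), (WITH_SAN, "with SAN")):
        for name in ("10.30.3.105", "10.24.71.107", "cas.example.org"):
            print(f"{label:9} {name:16} {cert_matches(cert, name)}")
```

To inspect a live server, pass the dict from `getpeercert()` on a verified connection together with the exact host string the client is configured to use.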
