> keystoreFile="%JAVA_HOME%/jre/lib/security/cacerts"
Maybe the docs are not-so-correct there (I'll try to update it soon).

You shouldn't use %JAVA_HOME%/jre/lib/security/cacerts for any keyEntry. It is the default TRUSTstore, meaning it contains the CAs your JVM should trust.

You should create a separate keystore that contains your key and certificate pair. That's the keystoreFile you'll want to use for your Tomcat connector. If you don't specify a keystore when generating and importing a key, then keytool will create a ".keystore" in your home directory (which Tomcat will look for too when you don't specify one).

Maybe these will help too:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
http://shib.kuleuven.be/docs/idp/install-idp-1.3.shtml#ssl

/* note: when using the Java CAS *client* then you'll need to make sure the cacerts truststore contains the root CA of the https certificate of the CAS server. */

-- Velpi
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
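
A check for the distinction drawn in the message above, as an added example that is not part of the original post: the function reads `keytool -list` output and reports whether a store holds a key entry (usable as a connector's keystoreFile) or only trusted CA certificates, as cacerts does. The two listings are constructed samples, and the aliases and the path in the final comment are made up.

```shell
#!/bin/sh
# Classify a keystore from `keytool -list` output read on stdin.
# Prints "keystore" if at least one private-key entry is present (what a
# Tomcat connector's keystoreFile needs), "truststore" if it holds only
# trusted CA certificates (like cacerts), or "empty" otherwise.
classify_keystore() {
    awk '
        # Entry lines end with the entry type; older keytool versions print
        # "keyEntry", newer ones "PrivateKeyEntry".
        /, *(PrivateKeyEntry|keyEntry), *$/ { keys++ }
        /, *trustedCertEntry, *$/           { trusted++ }
        END {
            if (keys > 0)         print "keystore"
            else if (trusted > 0) print "truststore"
            else                  print "empty"
        }'
}

# Constructed sample: a CA-only store, shaped like a cacerts listing.
SAMPLE_TRUSTSTORE='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

example-root-ca-1, Jan 1, 2007, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)
example-root-ca-2, Jan 1, 2007, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)'

# Constructed sample: a dedicated store holding the server key pair.
SAMPLE_KEYSTORE='Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jan 1, 2007, keyEntry,
Certificate fingerprint (MD5): (constructed placeholder)'

printf '%s\n' "$SAMPLE_TRUSTSTORE" | classify_keystore
printf '%s\n' "$SAMPLE_KEYSTORE"   | classify_keystore

# Real use (path is a placeholder; keytool prompts for the store password):
#   keytool -list -keystore /path/to/your.keystore | classify_keystore
```

A result of "truststore" for the file named in keystoreFile means the connector has no private key to serve, which is the misconfiguration the message describes.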
