You do not need to add the certificat to openssl certificate store. All what you need to do is point the CAFile => 'c:\mypath\mycert.crt',
If you have a .keystore file you need to create a certificate from that and place it in the c:\mypath directory How to create a certificate : http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html > [Original Message] > From: Tracy12 <[EMAIL PROTECTED]> > To: <[email protected]> > Date: 1/4/2007 8:26:54 AM > Subject: RE: Auth CAS (perl) confusion > > > Chris, > > Which certificate are you refering to? > > In my case sampleCasClient.pl(running on apache) and CAS server running on > two seperate machines. > > I thought certifcate from the cas machine needs to be imported to the > openssl certificate store (basically append the /x/x/x/x/ca-bundle.crt). > This is to make sure the trust relationship. > > Unfortunate the certificate from cas is generated using java keytool. > > Am I doing doing something fundamentally wrong. > > the first couple of lines in my sampleCasClient.pl looks as follows > > #!/usr/bin/perl > > use warnings; > use strict; > use AuthCAS; > > my $cas = new AuthCAS(casUrl => 'https://test_cas_server:8443/cas', > CAFile => '/etc/pki/tls/certs/ca-bundle.crt', > ); > my $app_url = 'http://localhost/sampleCasClient.pl'; > ...... > .... > > I followed the steps and executed the script, in apache logs it shows the > following > > [Thu Jan 04 16:08:28 2007] [error] [client 127.0.0.1] Error: error > IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0) > unable to connect https://test_cas_server:8443/ > [Thu Jan 04 16:08:28 2007] [error] [client 127.0.0.1] > [Thu Jan 04 16:08:28 2007] [error] [client 127.0.0.1] Use of uninitialized > value in printf at /var/www/html/sampleCasClient.pl line 28. > > > > > > > > > > > > > > > Chris-343 wrote: > > > > There is no need for that .... all what you need to do is tell Perl where > > to look for the crt. > > > > Example from: http://www.ust.hk/itsc/cas/sampleCasClient.pl > > > > my $cas = new AuthCAS(casUrl => 'https://yourhost:8443/cas', > > CAFile => '/xxx_somepath_xxx/your.crt', > > ); > > > > If you have a Java kestore file you can create a crt file with the > > keytool. > > > > > >> [Original Message] > >> From: Tracy12 <[EMAIL PROTECTED]> > >> To: <[email protected]> > >> Date: 1/4/2007 12:32:38 AM > >> Subject: RE: Auth CAS (perl) confusion > >> > >> > >> Yes I understand, > >> > >> I just wanted to know how can I import a certificate created using java > >> keytool(CAS server certificate) to the apache key store (using open ssl), > >> basically the issue is they got two different formats, > >> > >> > >> Which tool used to create the HKUST? > >> > >> > >> Chris-343 wrote: > >> > > >> > The link I sent you includes http://sourcesup.cru.fr/perlcas/. > >> > > >> > It also includes sample code in Perl for a CAS client. > >> > > >> > The HKUST CA is just an example. Use your own ( it shows how to do that > > in > >> > http://www.ust.hk/itsc/cas/sampleCasClient.pl) > >> > > >> > > >> > > >> >> [Original Message] > >> >> From: Tracy12 <[EMAIL PROTECTED]> > >> >> To: <[email protected]> > >> >> Date: 1/3/2007 6:09:28 AM > >> >> Subject: RE: Auth CAS (perl) confusion > >> >> > >> >> > >> >> > >> >> I believe I have to follow the item no 1 which is > >> >> > >> >> CAS Perl Library (http://sourcesup.cru.fr/perlcas/) > >> >> > >> >> This is one of the urls I posted earlier, > >> >> > >> >> Thanks, but I got following questions > >> >> > >> >> 1) Development we have certificate generate using java keytool for CAS > >> >> serve) (Currentlly development CAS server is running on tomcat). > >> >> > >> >> 2) How can I have this certificate and put it under apache 2.x, where > >> >> perl > >> >> code is running. So that the handshake between this machine and CAS > > works > >> >> fine. Basically how can I update openssl certificate store, > >> >> > >> >> Let me know how to setup this SSL thing, as currently I have to use > > OPEN > >> > SSL > >> >> for certificates generated by keytool > >> >> > >> >> > >> >> In addition, in the url u sent what is the use of Sample HKUST Root CA > >> >> certificate file how can I set up a one for me. > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> Chris-343 wrote: > >> >> > > >> >> > No more Perl confusion .. I just CASified my Perl application and it > >> > works > >> >> > like a champ ! > >> >> > > >> >> > Look at this link : http://www.ust.hk/itsc/cas/clientlib.html > >> >> > > >> >> > Chris > >> >> > > >> >> > > >> >> >> [Original Message] > >> >> >> From: Tracy12 <[EMAIL PROTECTED]> > >> >> >> To: <[email protected]> > >> >> >> Date: 1/3/2007 2:05:52 AM > >> >> >> Subject: Auth CAS (perl) confusion > >> >> >> > >> >> >> > >> >> >> Hi, > >> >> >> > >> >> >> I find similar functionalities in following urls > >> >> >> > >> >> >> > >> >> >> http://search.cpan.org/~dcastro/Apache-AuthCAS-0.4/ > >> >> >> > >> >> >> http://sourcesup.cru.fr/perlcas/ > >> >> >> > >> >> >> my intention is to write a perl client that would execute > >> >> >> cas/serviceValidate and get the xml > >> >> >> and check for one of the attributes in the xml. > >> >> >> > >> >> >> I do not want to use proxy tickets at the moment. > >> >> >> > >> >> >> > >> >> >> basically user enters credentials on CAS login page and should > >> >> redirect > >> >> >> to > >> >> >> some other application via this perl script. > >> >> >> > >> >> >> Well ... can someone let us know which source should we use. (which > >> >> url > >> >> >> should I refer ) > >> >> >> > >> >> >> If there any other documentation pls let us know. > >> >> >> > >> >> >> Thanks, > >> >> >> > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> View this message in context: > >> >> > > >> > > > http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8133264 > >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. > >> >> >> > >> >> >> _______________________________________________ > >> >> >> Yale CAS mailing list > >> >> >> [email protected] > >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas > >> >> > > >> >> > > >> >> > _______________________________________________ > >> >> > Yale CAS mailing list > >> >> > [email protected] > >> >> > http://tp.its.yale.edu/mailman/listinfo/cas > >> >> > > >> >> > > >> >> > >> >> -- > >> >> View this message in context: > >> > > > http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8135603 > >> >> Sent from the CAS Users mailing list archive at Nabble.com. > >> >> > >> >> _______________________________________________ > >> >> Yale CAS mailing list > >> >> [email protected] > >> >> http://tp.its.yale.edu/mailman/listinfo/cas > >> > > >> > > >> > _______________________________________________ > >> > Yale CAS mailing list > >> > [email protected] > >> > http://tp.its.yale.edu/mailman/listinfo/cas > >> > > >> > > >> > >> -- > >> View this message in context: > > http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8150045 > >> Sent from the CAS Users mailing list archive at Nabble.com. > >> > >> _______________________________________________ > >> Yale CAS mailing list > >> [email protected] > >> http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > -- > View this message in context: http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8154299 > Sent from the CAS Users mailing list archive at Nabble.com. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
