I've added that and it gave no additional output. I tested it by making an obvious mistake and it seems to work though.
I think my problem comes down to a basic lack of understanding of the certificates and keystores.

On the CAS server, I created a private key with the same name as the CAS server, then exported a cert and imported that into cacerts on the CAS server. Then I copied the cert to the web server. On the web server I set the serverName part of my filter to be the webserver name, and imported the cert into the JVM keystore. This didn't work for me.

I have Tomcat running on both servers, the server.xml on the CAS server pointing to the private keystore... and on the webserver I don't need to point to a private keystore?

Do I have the basics right here? Make private keystore on CAS server, send the cert to the webserver and import it into cacerts?

Thanks,
Mike

On 3/1/07, Marvin S. Addison <[EMAIL PROTECTED]> wrote:
If you suspect a keystore/certificate issue of any kind, the Java SSL debug output is indispensable in diagnosing the problem. Could you perform an SSL debug trace by adding -Djavax.net.debug=ssl to your JVM startup parameters? This is easily done for Tomcat: create a $TOMCAT_HOME/bin/setenv.sh file and add the line

    CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.debug=ssl"

This will generate _a lot_ of data in $TOMCAT_HOME/logs/catalina.out by default. If you could post what you think are relevant bits of that output, we might be able to help further.

Regards,
Marvin Addison
--
Applications Programming Analyst
Collaborative Technologies Unit
Virginia Tech
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
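An added example, not part of the original thread: a small filter that picks the trust-store and certificate-failure lines out of the large -Djavax.net.debug=ssl output in catalina.out, so only the relevant bits need to be posted. The match patterns are assumptions based on typical JSSE messages (wording varies between JVM versions), and the sample log, host names and paths are constructed.

```python
import re

# Assumed markers for trust and hostname problems in JSSE debug output.
PATTERNS = {
    "truststore": re.compile(r"trustStore is:|trustStore type is"),
    "untrusted_cert": re.compile(
        r"PKIX path building failed"
        r"|unable to find valid certification path"
        r"|certificate_unknown"),
    "hostname_mismatch": re.compile(
        r"No name matching|HTTPS hostname wrong|No subject alternative"),
    "handshake_alert": re.compile(r"ALERT:\s+fatal|handshake_failure"),
}


def triage(lines):
    """Return (line_number, [categories], text) for every matching line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        cats = [name for name, rx in PATTERNS.items() if rx.search(line)]
        if cats:
            hits.append((number, cats, line.strip()))
    return hits


def categories(lines):
    """Sorted set of problem categories seen anywhere in the log."""
    return sorted({c for _, cats, _ in triage(lines) for c in cats})


# Constructed sample of what a failed web server -> CAS handshake can look like.
SAMPLE = """\
trustStore is: /usr/java/jre/lib/security/cacerts
trustStore type is : jks
adding as trusted cert:
  Subject: CN=cas.example.org, OU=IT, O=Example
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
  Subject: CN=cas.example.org, OU=IT, O=Example
http-8443-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
"""

if __name__ == "__main__":
    for number, cats, text in triage(SAMPLE.splitlines()):
        print(f"{number:>5} {','.join(cats):<32} {text}")
```

The "trustStore is:" line is worth checking first: it shows which keystore file the web server's JVM actually loaded, which may not be the cacerts file the certificate was imported into.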
