Glad to hear it worked for you.

-Scott

On 3/5/07, Mike Crawford <[EMAIL PROTECTED]> wrote:
Thank you for enduring with me... problem solved. I had gotten myself into a tangle with too many certificates and CAS servers floating around.

I'm sure this is trivial for most, but for those as novice as me - to set up CAS on a server by itself:

* Get the CAS application running using the Yale website instructions... I used J2EE server .war version running in tomcat
* On the same server generate a key with alias tomcat into a keystore... the cn property being the name of your CAS server
* Generate a certificate (.crt) from the key you just created
* On the same server in the SSL connector in server.xml of tomcat... point to the keystore (keystoreFile & keystorePass)
* Copy the certificate you exported to your webserver or uPortal machine.
* Import the cert into your java cacerts keystore on the webserver
* Check that your webserver or uPortal application has the standard CAS filter within the web-app tag of web.xml, and the serverName property being the name of your web server, including the port 8080 if that's what you're running tomcat on.

Cheers,
Mike

On 3/5/07, Mike Crawford <[EMAIL PROTECTED]> wrote:
>
> I've added that and it gave no additional output. I tested it by making
> an obvious mistake and it seems to work though.
>
> I think my problem comes down to a basic lack of understanding of the
> certificates and keystores.
>
> On the CAS server, I created a private key with the same name as the CAS
> server, then exported a cert and imported that into cacerts on the CAS
> server. Then I copied the cert to the web server. On the web server I set
> the serverName part of my filter to be the webserver name, and imported the
> cert into the JVM keystore.
>
> This didn't work for me. I have tomcat running on both servers, the
> server.xml on the CAS server pointing to the private keystore.... and on
> the webserver I don't need to point to a private keystore?
>
> Do I have the basics right here? Make private keystore on CAS Server,
> send the cert to the webserver and import it into cacerts??
>
> Thanks,
>
> Mike
>
>
> On 3/1/07, Marvin S. Addison <[EMAIL PROTECTED]> wrote:
> >
> > If you suspect a keystore/certificate issue of any kind, the Java SSL
> > debug output is indispensable in diagnosing the problem. Could you
> > perform an SSL debug trace by adding
> >
> >     -Djavax.net.debug=ssl
> >
> > to your JVM startup parameters? This is easily done for Tomcat: create
> > a $TOMCAT_HOME/bin/setenv.sh file and add the line
> >
> >     CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.debug=ssl"
> >
> > This will generate _a lot_ of data in $TOMCAT_HOME/logs/catalina.out by
> > default. If you could post what you think are relevant bits of that
> > output, we might be able to help further.
> >
> > Regards,
> > Marvin Addison
> > --
> > Applications Programming Analyst
> > Collaborative Technologies Unit
> > Virginia Tech
> >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
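The key, certificate and cacerts steps from Mike's list, written out as keytool commands in an added example that is not part of the original thread. The host name cas.example.edu, the file names, the alias cas-server and the password are constructed placeholders, and the SAN extension is an addition beyond the CN the thread mentions.

```shell
#!/bin/sh
# Added example (not from the thread). Host name, file names and passwords are
# constructed placeholders; requires the JDK's keytool on PATH.

# Subject DN whose CN is the CAS server's host name, as the thread requires.
cas_dname() { printf 'CN=%s, OU=CAS, O=Example, C=US' "$1"; }

# CAS server: create the key pair under alias "tomcat" and export its cert.
# $1=CAS host name  $2=keystore path  $3=keystore password  $4=cert output path
# Tomcat's SSL connector (keystoreFile/keystorePass) then points at $2.
make_cas_keystore() {
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "$(cas_dname "$1")" -ext "SAN=dns:$1" \
        -keystore "$2" -storepass "$3" -keypass "$3" &&
    keytool -exportcert -rfc -alias tomcat -file "$4" \
        -keystore "$2" -storepass "$3"
}

# Web server / uPortal machine: trust the copied certificate. Only the public
# certificate is copied; the private keystore never leaves the CAS server.
# $1=cert path  $2=trust store (the JVM's cacerts in production)  $3=password
trust_cas_cert() {
    keytool -importcert -noprompt -trustcacerts -alias cas-server \
        -file "$1" -keystore "$2" -storepass "$3"
}

# Print the CN of the trusted entry so it can be compared with the CAS host name.
trusted_cn() {
    keytool -list -v -alias cas-server -keystore "$1" -storepass "$2" |
        sed -n 's/^Owner: CN=\([^,]*\).*/\1/p'
}

# Dry run in a scratch directory: sh cas-certs.sh demo cas.example.edu
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) && host=${2:-cas.example.edu}
    make_cas_keystore "$host" "$dir/cas.keystore" changeit "$dir/cas.crt"
    trust_cas_cert "$dir/cas.crt" "$dir/truststore" changeit
    echo "trusted CN: $(trusted_cn "$dir/truststore" changeit)"
fi
```

If the CN printed by `trusted_cn` differs from the host name in the CAS URLs the web application uses, the ticket-validation call fails the TLS host name check even though the certificate is trusted.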
