Cliff, I'm pretty sure you can't use the IP address as the CN name for the certificate. I believe it actually needs to be the host name.
-Scott On Nov 7, 2007 11:30 AM, Clifford Bryant <[EMAIL PROTECTED]> wrote: > Hello, > > > > We are trying to setup CAS with Tomcat and Apache. The Tomcat SSL port > has been opened for CAS. We are trying to use the IP addresses of the > Tomcat servers on the internal network. Normally, the SSL port is not open > to the outside world. The IP address of the Tomcat server was used in the > SSL certificate. > > > > Here is the error. *Any help would be greatly appreciated!* > > > > The IP addresses is the same, so not sure why I am getting this error > message? > > > > 2007-11-07 15:31:42,523 INFO [ > org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket > [ST-3-WIU6g7n6WlJHeTlOnJWm6NtKyiyZDSv3HrH-20] for service > [https://192.168.254.70:8443<https://192.168.254.70:8443/terms/rs_timesheet.css> > /terms/rs_timesheet.css<https://192.168.254.70:8443/terms/rs_timesheet.css>] > for user [Admin100]> > > 24131 [http-8443-Processor25] ERROR [/terms].[default] - Servlet.service() > for servlet default threw exception > > java.io.IOException : HTTPS hostname wrong: should be <192.168.254.70> > > at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing ( > HttpsClient.java:493) > > at sun.net.www.protocol.https.HttpsClient.afterConnect ( > HttpsClient.java:418) > > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect( > AbstractDelegateHttpsURLConnection.java:170) > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream ( > HttpURLConnection.java:913) > > at > com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream > (HttpsURLConnectionOldImpl.java:204) > > at edu.yale.its.tp.cas.util.SecureURL.retrieve (SecureURL.java:70) > > at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate( > ServiceTicketValidator.java:212) > > at > edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser( > CASFilter.java :219) > > at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter( > CASFilter.java:184) > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( > ApplicationFilterChain.java:215) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter( > ApplicationFilterChain.java:188) > > at org.apache.catalina.core.StandardWrapperValve.invoke( > StandardWrapperValve.java:213) > > at org.apache.catalina.core.StandardContextValve.invoke( > StandardContextValve.java:174) > > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:127) > > at org.apache.catalina.valves.ErrorReportValve.invoke ( > ErrorReportValve.java:117) > > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:108) > > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java :151) > > at org.apache.coyote.http11.Http11Processor.process( > Http11Processor.java:874) > > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection > (Http11BaseProtocol.java :665) > > at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( > PoolTcpEndpoint.java:528) > > at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( > LeaderFollowerWorkerThread.java :81) > > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:689) > > at java.lang.Thread.run(Thread.java:595) > > starting Apache....... > > > > > > Clifford Bryant, Senior Developer > > Edgewater Technology, Inc. > > ------------------------------------------------------------- > > 20 Harvard Mill Square > > Wakefield, MA 01880 > > Direct (: 781.213.9885 > > Cell (: 617.417.6704 > > Fax 6: 781.246.5903 > > *: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > > ΓΌ: www.edgewater.com > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
