Srikar- If I understand you correctly, you generated a self-signed CAS Server certificate on the CAS Server using keytool, and then repeated the process with keytool again on the Apache server. Is that correct?
If so, that will not work. Keytool will create two completely different certificates, even though the same name is used. In this scenario, the Apache/mod_auth_cas server needs the *same certificate* as the CAS Server.

I believe keytool has an exportcert option. You may be able to export the certificate from your CAS Server's keystore, and copy that to your Apache server. The certificate will need to be in PEM format.

If you eventually use a third-party certificate, such as Verisign, Thawte, or even a local root certificate, you will not have to copy the server's certificate around, but rather just the signer's "root" certificate.

Note that certificate management is not specific to mod_auth_cas or even CAS -- all SSL clients require this same process.

HTH,
-Matt

On Thu, 2008-01-10 at 10:05 -0500, Srikar Kummamuri wrote:
> Matt,
>
> I changed the httpd.conf and the problem still continues. Let me tell you
> what I did exactly. On the Apache (Mod_auth_cas) machine, I generated
> a CRT file with the keytool (given the CAS Server name in the first,
> last names argument of Keytool) the same way that I did on the CAS
> server. Now, as you noted, I modified the httpd.conf file both ways,
> with a relative path and an absolute path.
>
> CASCertificatePath C:\ssl\cas_sslcrt (In this directory crt file
> and .keystore were there)
>
> But the problem continues. My doubt is: is this method (generating the
> crt file with Keytool) good for the Apache (Mod_auth_Cas)? Or
> do I need to look into certificate generation methods of OpenSSL?
>
> Any documents/links/help?
>
> Thanks a lot.
>
> Srikar.
>
> ______________________________________________________________________
> From: Srikar Kummamuri
> Sent: Wednesday, January 09, 2008 5:32 PM
> To: '[email protected]'
> Subject: RE: mod_auth_cas-1.0.6 released
>
> When the request comes back to Apache from the CAS server with the
> ticket (using mod_auth_cas), Apache is throwing an error.
>
> “Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check
> CASCertificatePath)”
>
> In my config, httpd.conf calls the ssl.conf and the ssl.conf has the
> following line.
>
> SSLCertificateFile conf/sslcrt/server.crt
>
> Now the server.crt is the file generated for the CAS Server by the
> keytool (with the CAS server machine name).
>
> What am I doing wrong here? Do I need to import this crt into
> something else? Or can somebody give me the clue to get this
> certificate into the JVM on the Apache server having mod_auth_cas? I
> resolved the same issue on a Tomcat server running the CAS client but
> on this Apache (MOD_AUTH_CAS) I am not getting the idea of where to
> configure the self-signed certificate.
>
> Thanks a lot
>
> Srikar.
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas

--
Matt Smith
[EMAIL PROTECTED]
University Information Technology Services (UITS)
University of Connecticut
PGP Key ID: 0xE9C5244E
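The check behind the advice in this message, as an added example that is not part of the original thread or of mod_auth_cas: normalise a certificate file to PEM whether keytool exported it as binary DER or as PEM, and compare SHA-256 fingerprints to confirm that the file on the Apache host is the certificate the CAS server holds. The function names, the host name cas.example.org and the sample bytes are assumptions made for illustration.

```python
import hashlib
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed stand-ins for two self-signed certificates issued under the same
# host name by two separate keytool runs. They are NOT parseable X.509, only
# distinct byte strings that start with the DER SEQUENCE tag (0x30).
CAS_SERVER_DER = b"\x30\x82\x00\x20" + b"CN=cas.example.org key pair made on CAS host"
APACHE_REGENERATED_DER = b"\x30\x82\x00\x20" + b"CN=cas.example.org key pair made on Apache host"


def to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate supplied as PEM text or binary DER."""
    text = data.decode("ascii", errors="ignore")
    if PEM_HEADER in text:
        # PEM form, e.g. the output of `keytool -exportcert -rfc`.
        start = text.index(PEM_HEADER)
        end = text.index(PEM_FOOTER, start) + len(PEM_FOOTER)  # ValueError if cut off
        return ssl.PEM_cert_to_DER_cert(text[start:end])
    if data[:1] == b"\x30":
        # Binary DER form, keytool's default export when -rfc is not given.
        return data
    raise ValueError("input is neither a PEM nor a DER certificate")


def to_pem(data: bytes) -> str:
    """Return the PEM text expected in the client's certificate path."""
    return ssl.DER_cert_to_PEM_cert(to_der(data))


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of the certificate, independent of its encoding."""
    return hashlib.sha256(to_der(data)).hexdigest()


def same_certificate(a: bytes, b: bytes) -> bool:
    """True only if both inputs encode the identical certificate."""
    return fingerprint(a) == fingerprint(b)


if __name__ == "__main__":
    exported = to_pem(CAS_SERVER_DER).encode("ascii")
    print("exported copy matches:", same_certificate(CAS_SERVER_DER, exported))
    print("regenerated copy matches:", same_certificate(CAS_SERVER_DER, APACHE_REGENERATED_DER))
```

With real files, pass the bytes read from the exported CAS server certificate and from the file on the Apache host; a mismatch means the client is holding a different certificate that merely carries the same name.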
