This is just a guess, but I would think that the CASCertificatePath would need to be the exact same CRT file used on the CAS server, not a similar certificate regenerated on the client side.
-Scott On Jan 10, 2008 10:05 AM, Srikar Kummamuri <[EMAIL PROTECTED]> wrote: > Matt, > > I change the httpd.conf and problem still continues. Let me tell you what > I did exactly. On the Apache (Mod_auth_cas) machine, I generated a CRT file > with the keytool (given the CAS Server name in the first , last names > argument of Keytool) same way that I did on the cas server. Now as you > noted, I modified the httpd.conf file in both way with relative path and > absolute path. > > > > CASCertificatePath C:\ssl\cas_sslcrt (In this directory crt file and > .keystore were there) > > > > But the problem continues. My doubt is, Is this method (Generating the crt > file with Keytool) is good for the apacge (Mod_auth_Cas) ???? Or do I need > to look into certificate generation methods of OpenSsl?? > > > > Any documents/links/help?? > > > > Thanks a lot. > > Srikar. > > > > > ------------------------------ > > *From:* Srikar Kummamuri > *Sent:* Wednesday, January 09, 2008 5:32 PM > *To:* '[email protected]' > *Subject:* RE: mod_auth_cas-1.0.6 released > > > > When the request comes back to Apache from the CAS server with the ticket > (using mod_auth_cas), apache is throwing error. > > > > "Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check > CASCertificatePath)" > > > > In my config, httpd.conf calls the ssl.conf and the ssl.conf has the > following line. > > > > SSLCertificateFile conf/sslcrt/server.crt > > > > Now the serer.crt is the file generated for the CAS Server by the key tool > (with the cas server machine name). > > > > What am I doing wrong here? Do I need to import this crt into something > else? Or can same body give me the clue to get this certificate into JVM on > the apache server having mod_auth_cas? I resolved the same issue on a > tomcat server running the CAS client but on this Apache (MOD_AUTH_CAS) I am > not getting the idea of where to configure the self signed certificate. > > > > Thanks a lot > > Srikar. > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
