Here is what I did with no success.
Went on to the CAS Server machine, took (copied) the server.crt file that
was generated for the CAS Server machine using keytool to the client
machine.
Came back to the client machine. Opened the OpenSSL prompt.
OpenSSL> x509 -noout -text -in C:\ssl\cas_sslcrt\server.crt -inform der
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1193950368 (0x472a3ca0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=VA, L=Alx, O=Agentrics, OU=Development, CN=alx-dev-wrk04.wwre.org
Validity
Not Before: Nov 1 20:52:48 2007 GMT
Not After : Jan 30 20:52:48 2008 GMT
Subject: C=US, ST=VA, L=Alx, O=Agentrics, OU=Development, CN=alx-dev-wrk04.wwre.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
OpenSSL>
The above shows the correct information of the CAS server
"alx-dev-wrk04.wwre.org".
Now I converted it to PEM format.
OpenSSL> x509 -out exported-pem.crt -outform pem -in C:\ssl\cas_sslcrt\server.crt -inform der
I changed the httpd.conf
CASCertificatePath C:/ssl/cas_sslcrt/exported-pem.crt
Now the error.log is not complaining that it cannot load the crt
file, but the handshake is still failing.
[Thu Jan 10 11:49:56 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check CASCertificatePath)
...Srikar
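
A preflight check for the file named in CASCertificatePath, added here as an example; it is not part of the original message or of mod_auth_cas. It tells DER from PEM (in this thread the DER file produced "Could not load CA certificate file" and the PEM copy did not), converts to PEM, and checks with openssl verify that a certificate chains to that file. The function names, file names and the cas.example.test certificate are constructed for the example.

```shell
#!/bin/sh
# Added example; names, paths and the sample certificate are constructed.

# Print "pem", "der" or "unknown" for a certificate file.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif openssl x509 -in "$1" -inform DER -noout >/dev/null 2>&1; then
        echo der
    else
        echo unknown
    fi
}

# Write a PEM copy of certificate $1 to $2, converting from DER if needed.
ensure_pem() {
    case "$(cert_format "$1")" in
        pem) openssl x509 -in "$1" -out "$2" ;;
        der) openssl x509 -in "$1" -inform DER -out "$2" -outform PEM ;;
        *)   echo "not a certificate: $1" >&2; return 1 ;;
    esac
}

# Succeed when PEM certificate $1 verifies against the trust anchors in $2.
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK'
}

# Constructed sample: throw-away self-signed certificate for CN $1, written
# as DER to $2 (stands in for a keytool-exported server.crt).
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$2.pem" -outform DER -out "$2"
}

# Demo in a scratch directory.
demo_dir=$(mktemp -d)
make_sample_der cas.example.test "$demo_dir/server.crt"
echo "server.crt is $(cert_format "$demo_dir/server.crt")"
ensure_pem "$demo_dir/server.crt" "$demo_dir/exported-pem.crt"
echo "exported-pem.crt is $(cert_format "$demo_dir/exported-pem.crt")"
if trusted_by "$demo_dir/exported-pem.crt" "$demo_dir/exported-pem.crt"; then
    echo "certificate verifies against exported-pem.crt"
fi
rm -rf "$demo_dir"
```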
________________________________
From: Srikar Kummamuri
Sent: Thursday, January 10, 2008 10:41 AM
To: '[email protected]'
Subject: RE: mod_auth_cas-1.0.6 released
Scott,
I tried to place the exact file in the path of CASCertificatePath. Now I
gave the crt file directly in the path.
CASCookiePath C:/ssl/
CASCertificatePath C:/ssl/cas_sslcrt/server.crt
CASValidateServer on
And the error is,
[Thu Jan 10 10:37:05 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: Could not load CA certificate file: C:/ssl/cas_sslcrt/server.crt
[Thu Jan 10 10:37:05 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: Could not create an SSL connection to alx-dev-wrk04.wwre.org
..Srikar
________________________________
From: Srikar Kummamuri
Sent: Thursday, January 10, 2008 10:05 AM
To: '[email protected]'
Subject: RE: mod_auth_cas-1.0.6 released
Matt,
I changed the httpd.conf and the problem still continues. Let me tell you
what I did exactly. On the Apache (mod_auth_cas) machine, I generated a
CRT file with keytool (giving the CAS Server name in the first and last
name argument of keytool), the same way that I did on the CAS server. Now,
as you noted, I modified the httpd.conf file both ways, with a relative
path and an absolute path.
CASCertificatePath C:\ssl\cas_sslcrt (in this directory the crt file and .keystore were there)
But the problem continues. My doubt is, is this method (generating the
crt file with keytool) good for Apache (mod_auth_cas)? Or
do I need to look into the certificate generation methods of OpenSSL?
Any documents/links/help?
Thanks a lot.
Srikar.
________________________________
From: Srikar Kummamuri
Sent: Wednesday, January 09, 2008 5:32 PM
To: '[email protected]'
Subject: RE: mod_auth_cas-1.0.6 released
When the request comes back to Apache from the CAS server with the
ticket (using mod_auth_cas), Apache is throwing an error.
"Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check CASCertificatePath)"
In my config, httpd.conf calls the ssl.conf and the ssl.conf has the
following line.
SSLCertificateFile conf/sslcrt/server.crt
Now the server.crt is the file generated for the CAS Server by
keytool (with the CAS server machine name).
What am I doing wrong here? Do I need to import this crt into
something else? Or can somebody give me a clue to get this
certificate into the JVM on the Apache server having mod_auth_cas? I
resolved the same issue on a Tomcat server running the CAS client, but
on this Apache (mod_auth_cas) I am not getting the idea of where to
configure the self-signed certificate.
Thanks a lot
Srikar.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas