Excellent -- glad to hear it is working! Just for my own satisfaction -- could you tell us what version of Apache, Windows, and Visual Studio you got this working with?
Thanks, -Matt On Thu, 2008-01-10 at 12:25 -0500, Srikar Kummamuri wrote: > Got it. > > Changed the CASCookiePath. > > CASCookiePath cache/ > > > > Thanks a lot to Matt and Scott and others for the help. I really > appreciate the help. > > ..Srikar > > > > > ______________________________________________________________________ > From: Srikar Kummamuri > Sent: Thursday, January 10, 2008 12:15 PM > To: '[email protected]' > Subject: RE: mod_auth_cas-1.0.6 released > > > > > Ok, > > Now, I used the export option to export the crt form key store on the > server and followed the same steps as described bellow. Seems like one > step forward. > > > > Now the log is, > > [error] [client 10.6.2.145] MOD_AUTH_CAS: Unable to clean cache entry > 'C:/ssl/cas_sslcrt' > > [Thu Jan 10 12:11:15 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: > Unable to clean cache entry 'C:/ssl/certs' > > [Thu Jan 10 12:11:15 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: > Unable to clean cache entry 'C:/ssl/cookie' > > > > I believe, this is not SSL now. Will post the progress again. > > > > We may turn all this in to a nice documents later. > > > > Thanks > > Srikar. > > > > > > > > > ______________________________________________________________________ > From: Srikar Kummamuri > Sent: Thursday, January 10, 2008 11:57 AM > To: '[email protected]' > Subject: RE: mod_auth_cas-1.0.6 released > > > > > Here is what I did with no success. > > > > Went on to CAS Server machine, taken (copied) the server.crt file that > was generated for the CAS Server mehine using keytool to the client > machine. > > > > Came back to the client machine. Openend the OpenSSL prompt. > > > > OpenSSL> x509 -noout -text -in C:\ssl\cas_sslcrt\server.crt -inform > der > > Certificate: > > Data: > > Version: 1 (0x0) > > Serial Number: 1193950368 (0x472a3ca0) > > Signature Algorithm: md5WithRSAEncryption > > Issuer: C=US, ST=VA, L=Alx, O=Agentrics, OU=Development, > CN=alx-dev-wrk04.wwre.org > > Validity > > Not Before: Nov 1 20:52:48 2007 GMT > > Not After : Jan 30 20:52:48 2008 GMT > > Subject: C=US, ST=VA, L=Alx, O=Agentrics, OU=Development, > CN=alx-dev-wrk04.wwre.org > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > RSA Public Key: (1024 bit) > > Modulus (1024 bit): > > 00:93:94:15:eb:da:b2:82:4e:9e:7b:06:0d:3a:eb: > > a9:a8:84:87:72:f5:f1:de:bc:5b:b9:f6:db:a6:ea: > > ef:45:33:e0:87:bd:29:30:17:56:6e:72:be:8c:b5: > > b1:47:d6:e1:4c:d4:5f:02:39:4b:81:4e:a1:75:41: > > 2c:34:8e:87:97:e8:55:96:8a:b5:ec:e1:7f:66:4b: > > 28:61:7c:84:ca:28:f7:9f:f0:2a:91:49:62:12:13: > > fa:44:2d:de:23:7f:3f:fb:61:f7:6e:29:5c:38:cc: > > f5:6a:63:ce:1d:80:0d:64:b5:29:31:f2:7d:83:42: > > 1c:af:28:ea:e4:9c:e4:4b:25 > > Exponent: 65537 (0x10001) > > Signature Algorithm: md5WithRSAEncryption > > 5c:e5:64:8f:ea:d8:ff:eb:3d:ae:1d:57:ce:13:fe:1c:a6:4a: > > 11:6f:b6:21:41:2b:bf:ba:8a:2d:ce:f8:d5:23:1b:09:1b:09: > > 3d:cf:97:fb:de:10:12:9a:60:8b:d3:ff:c1:3a:7f:c6:a7:26: > > 8a:35:cf:30:d6:70:ae:f7:7d:e0:a8:aa:c2:56:02:d2:61:f5: > > 72:2b:36:fe:63:6e:9b:73:f5:f7:4d:4b:f8:8d:ed:91:fb:00: > > 2e:fa:d5:d5:a4:11:6a:c8:77:17:32:7b:0f:ef:2d:92:c5:a2: > > fb:25:13:6a:b2:18:c6:e6:c0:bb:54:a1:c6:31:aa:d5:21:a5: > > 1a:7a > > OpenSSL> > > > > The above shows the correct information of the cas server” > alx-dev-wrk04.wwre.org” > > > > Now I converted it to PEM format. > > OpenSSL> x509 -out exported-pem.crt -outform pem -in C:\ssl\cas_sslcrt > \server.crt -inform der > > > > I changed the httpd.conf > > CASCertificatePath C:/ssl/cas_sslcrt/exported-pem.crt > > > > Now the error.log is not compligning saying that it can not load the > crt file but still HandShake is failing. > > [Thu Jan 10 11:49:56 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: > Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check > CASCertificatePath) > > > > > > …Srikar > > > > > > > > > > > ______________________________________________________________________ > From: Srikar Kummamuri > Sent: Thursday, January 10, 2008 10:41 AM > To: '[email protected]' > Subject: RE: mod_auth_cas-1.0.6 released > > > > > Scott, > > I tried to place the exact file in the path of CASCertificatePath. Now > I gaeve the crt file directly in the path. > > > > CASCookiePath C:/ssl/ > > CASCertificatePath C:/ssl/cas_sslcrt/server.crt > > CASValidateServer on > > > > And the error is, > > > > [Thu Jan 10 10:37:05 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: > Could not load CA certificate file: C:/ssl/cas_sslcrt/server.crt > > [Thu Jan 10 10:37:05 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS: > Could not create an SSL connection to alx-dev-wrk04.wwre.org > > > > > > ..Srikar > > > ______________________________________________________________________ > From: Srikar Kummamuri > Sent: Thursday, January 10, 2008 10:05 AM > To: '[email protected]' > Subject: RE: mod_auth_cas-1.0.6 released > > > > > Matt, > > I change the httpd.conf and problem still continues. Let me tell you > what I did exactly. On the Apache (Mod_auth_cas) machine, I generated > a CRT file with the keytool (given the CAS Server name in the first , > last names argument of Keytool) same way that I did on the cas > server. Now as you noted, I modified the httpd.conf file in both way > with relative path and absolute path. > > > > CASCertificatePath C:\ssl\cas_sslcrt (In this directory crt file > and .keystore were there) > > > > But the problem continues. My doubt is, Is this method (Generating the > crt file with Keytool) is good for the apacge (Mod_auth_Cas) ???? Or > do I need to look into certificate generation methods of OpenSsl?? > > > > Any documents/links/help?? > > > > Thanks a lot. > > Srikar. > > > > > > > ______________________________________________________________________ > From: Srikar Kummamuri > Sent: Wednesday, January 09, 2008 5:32 PM > To: '[email protected]' > Subject: RE: mod_auth_cas-1.0.6 released > > > > > When the request comes back to Apache from the CAS server with the > ticket (using mod_auth_cas), apache is throwing error. > > > > “Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check > CASCertificatePath)” > > > > In my config, httpd.conf calls the ssl.conf and the ssl.conf has the > following line. > > > > SSLCertificateFile conf/sslcrt/server.crt > > > > Now the serer.crt is the file generated for the CAS Server by the key > tool (with the cas server machine name). > > > > What am I doing wrong here? Do I need to import this crt into > something else? Or can same body give me the clue to get this > certificate into JVM on the apache server having mod_auth_cas? I > resolved the same issue on a tomcat server running the CAS client but > on this Apache (MOD_AUTH_CAS) I am not getting the idea of where to > configure the self signed certificate. > > > > Thanks a lot > > Srikar. > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Matt Smith [EMAIL PROTECTED] University Information Technology Services (UITS) University of Connecticut PGP Key ID: 0xE9C5244E
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
