Hi Marc,
In a typical Apache+Tomcat setup, you would terminate the SSL tunnel at the
Apache webserver and allow Tomcat to communicate only over AJP (by
removing any http/https connector) on the loopback interface (127.0.0.1
instead of 0.0.0.0).

    <Connector port="8009" address="127.0.0.1"
               enableLookups="false" debug="0"
               minProcessors="20" maxProcessors="160"
               protocol="AJP/1.3" />

The Apache config would look something like this (Apache 2.2):

    <VirtualHost 10.11.12.13:443>
        ServerName cas.example.com
        ServerAdmin [EMAIL PROTECTED]

        RewriteEngine On
        RewriteRule ^/$ https://cas.example.com/cas/login [R=301,L]

        ProxyPass /cas ajp://127.0.0.1:8009/cas
        ProxyPassReverse /cas ajp://127.0.0.1:8009/cas

        ErrorLog /var/log/apache/cas.example.com.error.log
        CustomLog /var/log/apache/cas.example.com.access.log combined

        SSLCertificateFile /etc/apache2/conf/certs/cas/ca.cas.example.com.crt
        SSLCertificateKeyFile /etc/apache2/conf/certs/cas/cas.example.com.key
        SSLCACertificateFile /etc/apache2/conf/certs/cas/intermediate.crt
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/apache/httpd/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>

The certificate you use for the Apache SSL configuration should be imported
into the JVM keystore in order to get the service management application of CAS
working (we managed to get a VeriSign-trusted certificate, which makes this
process a bit easier ;).

    %JAVA_HOME%\bin\keytool -import -file cas.example.com.crt -keypass changeit

hth
Cheers, Sigi
me-76 wrote:
>
> Hi,
>
> I'm currently developing an application with a CAS integration.
> Everything works great with a Tomcat-only installation. That means I've
> got a Tomcat with 3 virtual hosts (cas.xyz.com, www.xyz.com and
> admin.xyz.com). The last 2 virtual hosts can successfully authorize
> against CAS.
>
> But when I'm going live I've got a different setup. The Tomcat is on the
> same server as the Apache webserver.
> The Apache is working with ProxyPass to the AJP port of the Tomcat.
> Where do I have to configure SSL? Is it only on the webserver or do I
> have to configure it also on the Tomcat?
> What about the certificate for the JVM, which of them has to be in the
> store?
> Can I convert an OpenSSL key to a Java key? Do you know of any tutorial
> doing that setup?
>
> Thanks for your help in advance.
>
> Marc
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
View this message in context:
http://www.nabble.com/CAS-with-apache-and-tomcat-tp16323782p16327191.html
Sent from the CAS Users mailing list archive at Nabble.com.
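
As an added example (not part of the original post or of the CAS project): a small Python check that a Tomcat server.xml matches the connector layout described in the reply above, with AJP as the only protocol and every connector bound to the loopback interface. The sample server.xml and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post): the 8009
# connector matches the layout in the reply, the other two do not.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" />
    <Connector port="8010" address="0.0.0.0" protocol="AJP/1.3" />
  </Service>
</Server>
"""

def is_loopback(address):
    """True only for a literal loopback IP or the name 'localhost'."""
    if address is None:
        # A missing address is flagged: the layout sets it explicitly.
        return False
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        # Some other hostname; it cannot be judged without a lookup.
        return False

def audit_connectors(server_xml):
    """Return (port, problem) for every Connector that breaks the layout."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        # Tomcat treats a Connector without a protocol attribute as HTTP/1.1.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            findings.append((port, "non-AJP connector (%s) still enabled" % protocol))
        elif not is_loopback(conn.get("address")):
            findings.append((port, "AJP connector not bound to loopback"))
    return findings

if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, problem))
```

An empty result means every connector in the file is an AJP connector listening on a loopback address.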