Hi,

Can you please include the contents of your Apache debug logs with the server LogLevel set to debug and CASDebug On?

Also, have you tried the directive CASValidateServer Off to ensure that there are no strange network connectivity issues? Is the public key for the CA that signed your CAS server's certificate located on the machine with mod_auth_cas? Is that the argument that you have given to CASCertificatePath, or did you use a more generic /etc/ssl/certs/? If you used the directory, make sure that your CA's public key is in /etc/ssl/certs/ and that you have run c_rehash in that directory.

Hope this helps,
-Phil

On Wed, Apr 16, 2008 at 7:03 PM, Guss, Erik <[EMAIL PROTECTED]> wrote:
> Hi,
> I'm trying to work out SSL issues. My environment is apache
> 2.3/mod_jk/mod_ssl passing cas requests to tomcat CAS server on port 8080
> via worker config in apache. This works as per the install docs via the
> https:// protocol.
>
> When I try to use a cas client other than a browser, i.e. - apache
> mod_auth_cas, the error log says "Unable to perform SSL handshake with (cas
> server)".
>
> I've seen conflicting documentation on this issue. The tomcat install docs
> indicate that if running tomcat "behind" apache via mod_jk, then only apache
> needs SSL functionality. There are also docs for mod_auth_cas which explain
> how to configure the client mod_auth_cas with the CA cert of the cas server,
> but only when tomcat is ssl-enabled, not running behind apache-ssl. I've
> tried adding the apache-ssl CA cert to the client machine, with no better
> results.
>
> Has anyone configured mod_auth_cas against an apache-ssl server working via
> mod_jk to tomcat/CAS behind it?
>
> Thanks, Erik Guss - Montana State Univ.
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
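
A quick check for the c_rehash step mentioned in the reply above, added here as an example and not part of the original thread or of mod_auth_cas: the hypothetical function `unhashed_certs` lists certificate files in a CASCertificatePath-style directory that no `<hash>.<n>` link points to. It assumes certificates use a .pem, .crt or .cer extension, and it only checks that a link exists, not that the hash in its name is correct.

```shell
#!/bin/sh
# Added example (not from the thread): find CA files in a CApath-style
# directory that c_rehash has not linked. OpenSSL looks a CA up in a
# directory only through a link named <8 hex digits>.<n>, so a CA file
# without such a link is never found during the handshake.
# Assumption: certificate files end in .pem, .crt or .cer.
# Usage: unhashed_certs /etc/ssl/certs

unhashed_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    missing=0
    for cert in "$dir"/*.pem "$dir"/*.crt "$dir"/*.cer; do
        # An unmatched glob stays literal and does not exist: skip it.
        [ -e "$cert" ] || continue
        linked=no
        for link in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
            [ -L "$link" ] || continue
            # -ef is true when both names resolve to the same file,
            # which also covers chains of symlinks.
            if [ "$link" -ef "$cert" ]; then
                linked=yes
                break
            fi
        done
        if [ "$linked" = no ]; then
            echo "$cert"
            missing=$((missing + 1))
        fi
    done
    # Exit status 0 only when every certificate has a hash link.
    [ "$missing" -eq 0 ]
}

# Run against a directory when one is given on the command line.
if [ -n "${1:-}" ]; then
    unhashed_certs "$1"
fi
```

Any path it prints is a certificate the directory lookup cannot reach until c_rehash is run again in that directory.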
