Edward,

This type of question should be kept on the general CAS mail list and not the developer list.
If you are having problems using a keystore, you could also use the Apache Portable Runtime protocol for handling SSL. For more information, you can read the Tomcat documentation here:

http://tomcat.apache.org/tomcat-5.5-doc/apr.html

Here is a sample connector using it:

    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEngine="on"
               SSLCertificateFile="${catalina.base}/conf/localhost.crt"
               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

HTH,

Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA, 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Edward Chen
Sent: Tuesday, May 06, 2008 4:55 PM
To: Mailing list for CAS developers
Subject: [cas-dev] keytool needed??

Hi,

I have a couple of questions.

I installed CAS 3.2.1 on my local workstation (Windows XP) with Tomcat 5.5. It works just fine with my local MySQL and LDAP.

I deployed my local CAS to my company's Tomcat web server. It works fine.

Now I want to link the server CAS to the applications. I mean the redirect process.

I used the demo instructions at http://www.ja-sig.org/wiki/display/CASUM/Demo to install my workstation CAS for testing. I use keystore file...etc

My question is if I use to do the same thing by using keytool to self-author a server certificate in company's web server?
For example, do I need to add the following to server.xml:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/Documents and Settings/xxxxx/.keystore"
               keystorePass="changeit"
               truststoreFile="C:/Program Files/Java/jdk1.6.0_04/jre/lib/security/cacerts" />

and add the following in the web.xml:

    <filter>
      <filter-name>CAS Filter</filter-name>
      <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
      <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://xxx.com:8443/cas/login</param-value>
      </init-param>
      <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://xxx.com:8443/cas/serviceValidate</param-value>
      </init-param>
      <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>xxx:8080</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>CAS Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
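Added example, not part of the original thread or of Tomcat or CAS: a small check that classifies each `<Connector>` in a server.xml as the APR style from the reply or the keystore (JSSE) style from the question, and reports attributes that do not match the style. The sample server.xml is constructed from the two connectors above; treating `scheme="https"` as the TLS marker and any connector without the explicit APR protocol class as JSSE are assumptions (Tomcat can select APR on its own when the native library is loaded).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from the thread in a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="${catalina.base}/conf/localhost.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS"
             keystoreFile="C:/Documents and Settings/xxxxx/.keystore"
             keystorePass="changeit" />
  <Connector port="8080" />
</Service></Server>"""

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def audit_connectors(server_xml):
    """Return {port: (style, [findings])} for every <Connector> element."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a, findings = conn.attrib, []
        if a.get("scheme") != "https":
            # Heuristic (assumption): no https scheme means a plain HTTP connector.
            report[a.get("port")] = ("plain", findings)
            continue
        if a.get("protocol") == APR_PROTOCOL:
            style = "apr"
            # APR/OpenSSL reads PEM files named by the SSLCertificate* attributes.
            for need in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if need not in a:
                    findings.append("missing " + need)
            if any(k.startswith("keystore") for k in a):
                findings.append("keystore* attributes are not used by APR")
        else:
            style = "jsse"
            # Assumption: no explicit APR protocol class means the JSSE keystore style.
            if a.get("keystorePass", "changeit") == "changeit":
                findings.append("keystorePass is the default 'changeit'")
            if any(k.startswith("SSLCertificate") for k in a):
                findings.append("SSLCertificate* attributes are not used by JSSE")
        if a.get("secure") != "true":
            findings.append("secure is not 'true' on an https connector")
        report[a.get("port")] = (style, findings)
    return report

if __name__ == "__main__":
    for port, (style, findings) in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, style, findings or "ok")
```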
