My question is not about how to use keytool. I want to know if it's necessary to implement keytool in the CAS installation and configuration with the application. If not, what else should I use? I have my CAS 3.2.1 working but just don't know how to link it to the application. I followed the demo page, but it seems the keytool method is not for production. If so, what should I use?

Edward

Andrew R Feller wrote:
> Edward,
>
> This type of question should be kept on the general CAS mail list and
> not the developer list.
>
> If you are having problems using a keystore, you could also use the
> Apache Portable Runtime protocol for handling SSL. For more
> information, you can read the Tomcat documentation here:
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html
>
> Here is a sample connector using it:
>
> <Connector port="443"
>     protocol="org.apache.coyote.http11.Http11AprProtocol"
>     maxHttpHeaderSize="8192"
>     maxThreads="150"
>     minSpareThreads="25"
>     maxSpareThreads="75"
>     enableLookups="false"
>     disableUploadTimeout="true"
>     acceptCount="100"
>     scheme="https"
>     secure="true"
>     SSLEngine="on"
>     SSLCertificateFile="${catalina.base}/conf/localhost.crt"
>     SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"
> />
>
> HTH,
>
> Andrew R Feller, Analyst
> University Information Systems
> 200 Fred Frey Building
> Louisiana State University
> Baton Rouge, LA, 70803
> (225) 578-3737 (Office)
> (225) 578-6400 (Fax)
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Edward Chen
> Sent: Tuesday, May 06, 2008 4:55 PM
> To: Mailing list for CAS developers
> Subject: [cas-dev] keytool needed??
>
> Hi,
>
> I have a couple of questions.
> I installed CAS3.2.1 in my local workstation Windows XP with Tomcat 5.5.
> It works just fine with my local MySQL and LDAP. I deployed my local CAS
> to my company's Tomcat web server. It works fine. Now I want to link the
> server CAS to the applications. I mean re-direct process.
>
> I used demo instruction http://www.ja-sig.org/wiki/display/CASUM/Demo
> to install my workstation CAS for a testing. I use keystore file...etc
>
> My question is if I use to do the same thing by using keytool to
> self-author a server certificate in company's web server? for example,
> do I need to add the following to server.xml
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> <Connector port="8443" maxHttpHeaderSize="8192"
>     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" scheme="https" secure="true"
>     clientAuth="false" sslProtocol="TLS"
>     keystoreFile="C:/Documents and Settings/xxxxx/.keystore"
>     keystorePass="changeit"
>     truststoreFile="C:/Program Files/Java/jdk1.6.0_04/jre/lib/security/cacerts" />
>
> and add the following in the web.xml
>
> <filter>
>   <filter-name>CAS Filter</filter-name>
>   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
>   <init-param>
>     <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
>     <param-value>https://xxx.com:8443/cas/login</param-value>
>   </init-param>
>   <init-param>
>     <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
>     <param-value>https://xxx.com:8443/cas/serviceValidate</param-value>
>   </init-param>
>   <init-param>
>     <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
>     <param-value>xxx:8080</param-value>
>   </init-param>
> </filter>
>
> <filter-mapping>
>   <filter-name>CAS Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>
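
As an added example (not part of the original messages, and not CAS or Tomcat project code), the following Python check covers the two configuration snippets quoted above: it flags an HTTPS connector whose keystore still uses the default password changeit, and a CAS filter whose loginUrl or validateUrl is not an https URL. The sample XML is constructed; the host cas.example.org, the relative file paths and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
# Constructed sample input, modelled on the two snippets quoted in the thread.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/.keystore" keystorePass="changeit"/>
  <Connector port="443" scheme="https" secure="true" SSLEngine="on"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLCertificateFile="conf/localhost.crt" SSLCertificateKeyFile="conf/localhost.key"/>
</Service></Server>"""
P = "edu.yale.its.tp.cas.client.filter."  # class and init-param prefix used in the thread
WEB_XML = f"""<web-app><filter>
  <filter-class>{P}CASFilter</filter-class>
  <init-param><param-name>{P}loginUrl</param-name>
    <param-value>https://cas.example.org:8443/cas/login</param-value></init-param>
  <init-param><param-name>{P}validateUrl</param-name>
    <param-value>http://cas.example.org:8080/cas/serviceValidate</param-value></init-param>
</filter></web-app>"""

def named(el, name):  # descendants by local tag name, ignoring XML namespaces
    return [c for c in el.iter() if c.tag.rsplit("}", 1)[-1] == name]
def text(el, name):  # stripped text of the first matching descendant, or ""
    hits = named(el, name)
    return (hits[0].text or "").strip() if hits else ""

def audit_connectors(server_xml):
    findings = []
    for c in named(ET.fromstring(server_xml), "Connector"):
        if c.get("scheme") != "https":
            continue  # plain HTTP connector, nothing to check here
        if c.get("protocol", "").endswith("Http11AprProtocol"):
            if not c.get("SSLCertificateFile"):
                findings.append((c.get("port"), "APR connector has no SSLCertificateFile"))
        elif c.get("keystorePass", "changeit") == "changeit":  # Tomcat's default if omitted
            findings.append((c.get("port"), "keystore uses the default password"))
    return findings

def audit_cas_filter(web_xml):
    findings = []
    for f in named(ET.fromstring(web_xml), "filter"):
        if text(f, "filter-class") != P + "CASFilter":
            continue  # some other filter
        params = {text(p, "param-name"): text(p, "param-value") for p in named(f, "init-param")}
        for key in ("loginUrl", "validateUrl"):
            if urlparse(params.get(P + key, "")).scheme != "https":
                findings.append((key, params.get(P + key)))  # value is None when missing
    return findings

if __name__ == "__main__": print(audit_connectors(SERVER_XML) + audit_cas_filter(WEB_XML))
```

On the constructed input it reports the keystore connector on port 8443 and the http validateUrl; the APR connector with PEM certificate and key files passes.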
