Hello,
I have a working CAS server 3.2 with Acegi and LDAP. The only problem is that
I have the well-known Invalid certificate error, because the webserver is in a
domain. Can I solve this with the solution below, and do I need Apache http 2
for building the APR?
Thanks,
Luk
_____
From: Edward Chen [mailto:[EMAIL PROTECTED]
To: Andrew R Feller [mailto:[EMAIL PROTECTED]
Cc: Yale CAS mailing list [mailto:[EMAIL PROTECTED]
Sent: Wed, 07 May 2008 16:43:40 +0200
Subject: Re: [cas-dev] keytool needed??
My question is not about how to use keytool.
I want to know if it's necessary to implement keytool in the CAS
installation and configuration with the application. If not, what else
should I use? I have my CAS 3.2.1 working but just don't know how to
link it to the application. I followed the demo page, but it seems the keytool
method is not for production. If so, what should I use?
Edward
Andrew R Feller wrote:
> Edward,
>
> This type of question should be kept on the general CAS mail list and
> not the developer list.
>
> If you are having problems using a keystore, you could also use the
> Apache Portable Runtime protocol for handling SSL. For more
> information, you can read the Tomcat documentation here:
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html
>
> Here is a sample connector using it:
>
> <Connector port="443"
>            protocol="org.apache.coyote.http11.Http11AprProtocol"
>            maxHttpHeaderSize="8192"
>            maxThreads="150"
>            minSpareThreads="25"
>            maxSpareThreads="75"
>            enableLookups="false"
>            disableUploadTimeout="true"
>            acceptCount="100"
>            scheme="https"
>            secure="true"
>            SSLEngine="on"
>            SSLCertificateFile="${catalina.base}/conf/localhost.crt"
>            SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"
> />
>
> HTH,
>
> Andrew R Feller, Analyst
> University Information Systems
> 200 Fred Frey Building
> Louisiana State University
> Baton Rouge, LA, 70803
> (225) 578-3737 (Office)
> (225) 578-6400 (Fax)
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Edward Chen
> Sent: Tuesday, May 06, 2008 4:55 PM
> To: Mailing list for CAS developers
> Subject: [cas-dev] keytool needed??
>
> Hi,
>
> I have a couple of questions.
> I installed CAS 3.2.1 on my local workstation, Windows XP with Tomcat 5.5.
> It works just fine with my local MySQL and LDAP. I deployed my local CAS
> to my company's Tomcat web server. It works fine. Now I want to link the
> server CAS to the applications. I mean the redirect process.
>
> I used demo instruction http://www.ja-sig.org/wiki/display/CASUM/Demo
> to install my workstation CAS for a testing. I use keystore file...etc
>
> My question is whether I need to do the same thing, using keytool to
> self-author a server certificate, on the company's web server. For example,
> do I need to add the following to server.xml?
>
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="C:/Documents and Settings/xxxxx/.keystore"
>            keystorePass="changeit"
>            truststoreFile="C:/Program Files/Java/jdk1.6.0_04/jre/lib/security/cacerts" />
>
> and add the following in the web.xml
>
>
> <filter>
> <filter-name>CAS Filter</filter-name>
> <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
> <init-param>
> <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> <param-value>https://xxx.com:8443/cas/login</param-value>
> </init-param>
> <init-param>
> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> <param-value>https://xxx.com:8443/cas/serviceValidate</param-value>
> </init-param>
> <init-param>
> <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
> <param-value>xxx:8080</param-value>
> </init-param>
> </filter>
>
> <filter-mapping>
> <filter-name>CAS Filter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
>
>
> _______________________________________________
> cas-dev mailing list
> [EMAIL PROTECTED]
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
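
Added example, not part of the thread and not CAS or Tomcat code: a small Python check over the two connector styles quoted above (keytool/JSSE keystore and APR with PEM files) and the CASFilter URLs. It assumes the server.xml belongs to the Tomcat that hosts CAS; `audit`, `SERVER_XML` and `CAS_URLS` are names made up here, and the sample input is constructed from the quoted snippets.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample input, trimmed from the two connectors quoted in the thread.
SERVER_XML = """<Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="C:/Documents and Settings/xxxxx/.keystore"
             keystorePass="changeit"/>
  <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             scheme="https" secure="true" SSLEngine="on"
             SSLCertificateFile="${catalina.base}/conf/localhost.crt"
             SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"/>
</Service>"""

CAS_URLS = {  # CASFilter init-params from the quoted web.xml
    "loginUrl": "https://xxx.com:8443/cas/login",
    "validateUrl": "https://xxx.com:8443/cas/serviceValidate",
}

def audit(server_xml, cas_urls):
    """Return findings for the TLS connectors and the CAS filter URLs."""
    findings, tls_ports = [], set()
    for c in ET.fromstring(server_xml).iter("Connector"):
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            continue  # plain HTTP connector, not relevant here
        tls_ports.add(port)
        if "Apr" in c.get("protocol", ""):
            # APR connector: certificate and key are PEM files, no keystore
            for attr in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if not c.get(attr):
                    findings.append(f"port {port}: APR connector missing {attr}")
        elif c.get("keystorePass", "changeit") == "changeit":
            # JSSE connector: "changeit" is also Tomcat's default when unset
            findings.append(f"port {port}: keystore uses default password 'changeit'")
    for name, url in cas_urls.items():
        u = urlparse(url)
        if u.scheme != "https":
            findings.append(f"{name}: not https")
        elif str(u.port or 443) not in tls_ports:
            findings.append(f"{name}: no TLS connector on port {u.port or 443}")
    return findings

if __name__ == "__main__":
    for line in audit(SERVER_XML, CAS_URLS):
        print(line)
```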