You can use "your own CA" and use that to sign any certificate when you add that CA's certificate to the truststore (of Tomcat/Java/...). You can even add all the individual certificates to the truststore, though that may be harder to manage.
The JAVA truststore is the "cacerts" file in your JRE/JDK installation. You can use keytool to view/modify it. Tomcat uses that by default. You can also specify another truststore-file for a Tomcat connector (see connector docs).

You may want to read these commands: http://shib.kuleuven.be/docs/ssl_commands.shtml#keytool

Note that "your own CA"'s certificate is quite important.

--Velpi

Luk VERHOEVEN wrote:
> Dear,
>
> I use CAS 3.2 with Acegi 1.0.6 and Tomcat 5.5.17. It works all locally
> with a generated certificate and cn name localhost. But the customer
> wants to test it on the server on their intranet. They use a
> <host>.domain. Then it shows the invalid certificate error. Is there a
> solution without an official CA? Even for the free CAs you must enter a
> valid e-mail address for the domain (it's a government), but I'm not the
> manager of the network; it's an external company. I can execute
> commands on the server as root only via the external company.
>
> It may be a solution without SSL, because the LDAP isn't secure and sends
> the password as plain text. You're right it's bad, but the customer is
> satisfied with it. We use the CAS server for SSO.
>
> Thanx,
>
> Luk

--
Jan "Velpi" Van der Velpen

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
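
The approach described in the reply above, as an added example that is not part of the original thread: create a private CA with openssl, sign a certificate for the intranet host name, and import the CA certificate into a separate Java truststore with keytool. The host name `cas.intranet.example`, the file names, the alias `local-ca` and the store password are constructed placeholders.

```shell
#!/bin/sh
# Added example. Host name, file names and store password are placeholders.

# issue DIR HOST: create a private CA in DIR and sign a certificate for HOST.
issue() {
    d=$1; host=$2
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. Self-signed CA certificate. ca.key is the sensitive part: whoever
    #    holds it can mint certificates that every importing client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 2. Server key and CSR; the name must match the host in the URL.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=$host" -keyout "$d/server.key" -out "$d/server.csr" \
        2>/dev/null || return 1
    # 3. The CA signs the CSR and adds the host name as subjectAltName.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" \
        > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$d/san.ext" \
        -out "$d/server.crt" 2>/dev/null
}

# trusted CAFILE CERT: succeeds only if CERT chains to the CA in CAFILE.
trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# import_ca CACERT STORE: add only the CA certificate (never ca.key) to a
# dedicated truststore instead of editing the JRE-wide cacerts file.
import_ca() {
    keytool -importcert -noprompt -trustcacerts -alias local-ca \
        -file "$1" -keystore "$2" -storepass changeit >/dev/null 2>&1
}

demo=$(mktemp -d)
issue "$demo" cas.intranet.example && trusted "$demo/ca.crt" "$demo/server.crt" \
    && echo "server certificate chains to the private CA"
if command -v keytool >/dev/null 2>&1; then
    import_ca "$demo/ca.crt" "$demo/truststore" && echo "CA imported"
fi
rm -rf "$demo"
```

A certificate signed by a different CA fails the same `trusted` check, which is the invalid-certificate error clients show until the right CA certificate is in their truststore.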
