Am I right?  
1.) I must first create a CA via openssl.  
2.) Then I must create a csr via keytool  
3.) Then I must sign the csr via openssl  
4.) Import the certificate in the cacerts file  
   
Thanks,  
Luk, 
      _____  

  From: Velpi [mailto:[EMAIL PROTECTED]
To: Yale CAS mailing list [mailto:[EMAIL PROTECTED]
Sent: Thu, 15 May 2008 11:08:24 +0200
Subject: Re: Certificates

You can use "your own CA" and use that to sign any certificate when you 
add that CA's certificate to the truststore (of Tomcat/Java/...). You 
can even add all the individual certificates to the truststore, though 
that may be harder to manage.

The JAVA truststore is the "cacerts" file in your JRE/JDK installation. 
You can use keytool to view/modify it. Tomcat uses that by default. 
You can also specify another truststore-file for a Tomcat connector (see 
connector docs).
You may want to read these commands:
http://shib.kuleuven.be/docs/ssl_commands.shtml#keytool

Note that "your own CA"'s certificate is quite important.

--Velpi

Luk VERHOEVEN wrote:
> Dear,
> 
> 
> 
> I use CAS 3.2 with Acegi 1.0.6 and Tomcat 5.5.17. It all works locally 
> with a generated certificate and cn name localhost. But the customer 
> wants to test it on the server on their intranet. They use a 
> <host>.domain. Then it shows the invalid certificate error. Is there a 
> solution without an official CA? Even with the free CAs you must enter a 
> valid e-mail address for the domain (it's a government), but I'm not the 
> manager of the network; it's an external company. I can execute 
> commands on the server as root only via the external company.
> 
> It may be a solution without SSL, because the LDAP isn't secure and sends 
> the password as plain text. You're right, it's bad, but the customer is 
> satisfied with it. We use the CAS server for SSO.
> 
> 
> 
> Thanx,
> 
> Luk,
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas


-- 
/---------------------------------------------
| Jan "Velpi" Van der Velpen
| [EMAIL PROTECTED] || +32 (0) 498 61 24 89
\---------------------------------------------
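
The four steps asked about above, combined with the truststore handling from the quoted reply, as an added shell example that is not part of the original thread. The aliases, file names, the `changeit` password and the host name in the usage comment are constructed, and a separate `trust.jks` stands in for the JRE's `cacerts` so the real file is not modified.

```shell
#!/bin/sh
# Added example: private test CA plus a keytool-generated CSR for a Tomcat/CAS host.
# Aliases, file names, password and host name are constructed placeholders.

issue_test_cert() (
  set -e
  dir=$1 host=$2 pass=changeit        # placeholder password, change for real use
  cd "$dir"

  # 1. Create the CA key and self-signed CA certificate with openssl.
  #    -nodes leaves ca.key unencrypted: acceptable for a throwaway test CA only.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt >/dev/null

  # 2. Generate the server key pair in a keystore and export a CSR with keytool.
  #    The CN must be the name clients connect to, not "localhost".
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$host" -keystore server.jks -storepass "$pass" -keypass "$pass" \
    >/dev/null
  keytool -certreq -alias tomcat -keystore server.jks -storepass "$pass" \
    -file server.csr >/dev/null

  # 3. Sign the CSR with the CA, adding the host name as subjectAltName.
  printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -sha256 -extfile san.ext -out server.crt >/dev/null

  # 4a. Server side: import the CA certificate, then the signed reply, into the
  #     keystore that holds the private key so the full chain is served.
  keytool -importcert -noprompt -trustcacerts -alias testca -file ca.crt \
    -keystore server.jks -storepass "$pass" >/dev/null
  keytool -importcert -noprompt -alias tomcat -file server.crt \
    -keystore server.jks -storepass "$pass" >/dev/null

  # 4b. Client side (the JVM that must trust the server): import only the CA
  #     certificate. A separate truststore is used here instead of cacerts.
  keytool -importcert -noprompt -alias testca -file ca.crt \
    -keystore trust.jks -storepass "$pass" >/dev/null

  # Check: a correctly installed reply shows a chain of length 2.
  keytool -J-Duser.language=en -list -v -alias tomcat -keystore server.jks \
    -storepass "$pass" | grep '^Certificate chain length'
)

# Usage (constructed values): issue_test_cert /tmp/testca cas.example.internal
```

Only `ca.crt` needs to be distributed to clients; `ca.key` stays with whoever runs the CA, since anyone holding it can issue certificates those clients will trust.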