I'm probably not understanding the question, but I'll bite anyway:

> even if the certificate is invalid

It is seldom appropriate to configure *anything* to accept an invalid SSL certificate. To do so is probably to obviate all the security advantages of using SSL.

Doing SSL properly institutes some real, industry-standard guarantees about the authenticity of the endpoint and the non-interceptability of the communications with that endpoint (or about the classes of exploit necessary to overcome this, e.g. laying hands on the private SSL key of the server). Doing SSL improperly merely inconveniences the adversary in ways that add no principled security.

So my gut reaction is, no, there's no reason to tell CAS to connect to an ldaps where the certificate is invalid, and there is no reason to use an SSL certificate that is invalid from the perspective of the intended consumers of the service it authenticates.

Care to clarify the question?

Best wishes,

Andrew

Martin Lamprechter wrote:
> Hi!
>
> Is there any reason to tell cas that it should connect to a secret
> ldaps, even if the certificate is invalid?
>
> Greetings
> Martin
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
