Hi David, Thanks for the response.
> The CAS server using Tomcat requires the keystore in the Tomcat area. The business server or application server (using CAS client) requires an imported cert into cacerts for the trust when the CAS server is called from the CAS client code. If I'm repeating what you already know, bear with me. This is tricky stuff sometimes.
I haven't even got to the CAS part yet. As I said, this is really a Tomcat issue as I can't get Tomcat working with this certificate. At least there doesn't seem to be any obvious mistake in what I've attempted to do.
> What you didn't tell us is if you used the keytool executable to list the contents of the stores 1) in the Tomcat area (8443 port) and 2) cacerts at $JAVA_HOME/jre/lib/security on the CAS client server.
I have looked but didn't post them.
> You may very well think that you are doing things correctly but the listing may prove otherwise. Also, the keytool program will sometimes behave as if it were successful when nothing actually happened.
I have looked at the certificate stores and they look "correct" but I will examine them in more detail. I'm trying to use the signed certificate, as the server that uses CAS already has one of these signed by our own CA. Thus, I shouldn't have to import the CA certificate into its keystore as it already has it. When using the self-signed one, which did work, I did go through this import for the server using CAS.
> Try the listing and understand what's in the stores and when they are actually called or used for validation.
I will have another look at it but I think I'm off to the Apache route as that's where I need to be in the end anyway. I was just putting it off and trying to develop using just Tomcat.
Thanks
--
Matthew Jones
Interactive Data Managed Solutions Ltd
-----------------------------------------------------------------------
Registered in England Company Number 3691868
Registered Office: Fitzroy House, 13-17 Epworth Street, London, EC2A 4DL
Tel: +44 (0)1242 694133 | Fax: +44 (0)1242 694109
[EMAIL PROTECTED]
http://www.interactivedata-ms.com/694133
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
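The store listing discussed in this thread, as an added example that is not part of the original messages: a small parser for `keytool -list -v -keystore <file>` output that reports what each alias actually holds, for both the Tomcat keystore and the client's cacerts. The sample listing, aliases, DNs and function names are constructed for illustration, and the conditions it flags are assumptions chosen as common store states, not a diagnosis of the setup described above.

```python
# Constructed `keytool -list -v -keystore <file>` output, trimmed to the fields used.
SAMPLE_TOMCAT_STORE = """\
Your keystore contains 2 entries

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=cas.example.org, O=Example, C=GB
Issuer: CN=cas.example.org, O=Example, C=GB

Alias name: signedcert
Entry type: trustedCertEntry
Owner: CN=cas.example.org, O=Example, C=GB
Issuer: CN=Example Internal CA, O=Example, C=GB
"""

KEY_TYPES = ("PrivateKeyEntry", "keyEntry")  # older JDKs print keyEntry

def parse_listing(text):
    """Map alias -> {type, owner, issuer} from `keytool -list -v` output."""
    entries, cur = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Alias name":
            cur = entries[value] = {"type": None, "owner": None, "issuer": None}
        elif cur is not None and key == "Entry type":
            cur["type"] = value
        elif cur is not None and key in ("Owner", "Issuer") and cur[key.lower()] is None:
            cur[key.lower()] = value  # first certificate listed is the entry's own
    return entries

def findings(entries):
    """Report store states that list cleanly but may not be what the server needs."""
    keys = {a: e for a, e in entries.items() if e["type"] in KEY_TYPES}
    out = [] if keys else ["no private key entry in this store"]
    out += [f"{a}: key entry is self-signed" for a, e in keys.items() if e["owner"] == e["issuer"]]
    subjects = {e["owner"] for e in keys.values()}
    for alias, e in entries.items():
        if e["type"] == "trustedCertEntry" and e["owner"] in subjects:
            out.append(f"{alias}: certificate for the key's subject is a trustedCertEntry")
    return out

def trusts(entries, issuer_dn):
    """True if a store (e.g. the client's cacerts) holds issuer_dn as a trusted cert."""
    return any(e["type"] == "trustedCertEntry" and e["owner"] == issuer_dn
               for e in entries.values())
```

Run `findings(parse_listing(...))` on the listing of the Tomcat keystore, and `trusts(parse_listing(...), issuer)` on the listing of the client's cacerts with the Issuer DN shown for the server's certificate.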
