Yitzchak,

If you are trying to configure Tomcat to be a standalone server and are more comfortable with the Apache HTTPD way of handling SSL, you could use the Tomcat Apache Portable Runtime Connector. It is the same code for SSL used by Apache HTTPD and is easy to configure; I personally hate keystores.

http://tomcat.apache.org/native-doc/
http://tomcat.apache.org/tomcat-6.0-doc/apr.html

HTH,
A-

On 12/16/08 11:56 AM, "Yitzchak Schaffer" <[email protected]> wrote:

> Hello all:
>
> Trying to get CAS working with Apache proxying to Tomcat via AJP. I did
> the demo [1] successfully with Tomcat standing alone, but I don't
> understand Tomcat+CAS well enough to know how to get my self-signed dev
> (cas.jim.com) setup going. When I browse
> https://cas.jim.com/cas/services/ for example, I get:
>
> You are not authorized to use this application for the following reason:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target.
>
> This had worked with standalone Tomcat. For Apache, I used:
> openssl req -new -x509 -nodes -out cas.crt -keyout cas.key
> to create my certificate and key, which are working with Apache alone.
>
> I then did:
> sudo keytool -import -file cas.crt -keypass changeit
> to get them into keystore.
>
> What did I miss in this relationship?
>
> Thank you!
>
> [1] http://www.ja-sig.org/wiki/display/CASUM/Demo

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
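
Added example, not part of the original thread: the keytool command quoted above names no -keystore, so keytool writes to .keystore in the invoking user's home directory (root's under sudo), which is not a file a JVM consults for trust anchors. The script reproduces that in a scratch directory and compares it with an explicit -keystore import; the scratch truststore path, the cas-dev alias and the function names are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example. Everything happens in a scratch directory; "$d/truststore"
# is a stand-in (assumption) for the truststore the Tomcat JVM really loads.

# SHA-256 fingerprint of a certificate file, as colon-separated hex.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if keystore $1 (password $2) contains the certificate in $3.
# A missing keystore or an unreadable certificate counts as "absent".
store_has_cert() {
  fp=$(cert_fp "$3")
  [ -n "$fp" ] || return 1
  keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null | grep -qiF "$fp"
}

demo() {
  local d pw=changeit default before after
  d=$(mktemp -d) || return 1
  mkdir "$d/home"
  # Certificate command from the question; -subj only makes it non-interactive.
  openssl req -new -x509 -nodes -subj "/CN=cas.jim.com" \
    -out "$d/cas.crt" -keyout "$d/cas.key" 2>/dev/null || return 1

  # Import without -keystore, as in the question. keytool then uses
  # <user.home>/.keystore; -J-Duser.home points that at the scratch directory.
  keytool "-J-Duser.home=$d/home" -import -noprompt -file "$d/cas.crt" \
    -storepass "$pw" >/dev/null 2>&1 || return 1
  store_has_cert "$d/home/.keystore" "$pw" "$d/cas.crt" \
    && default=present || default=absent
  store_has_cert "$d/truststore" "$pw" "$d/cas.crt" \
    && before=present || before=absent

  # Import again, this time naming the truststore explicitly.
  keytool -importcert -noprompt -alias cas-dev -file "$d/cas.crt" \
    -keystore "$d/truststore" -storepass "$pw" >/dev/null 2>&1 || return 1
  store_has_cert "$d/truststore" "$pw" "$d/cas.crt" \
    && after=present || after=absent

  rm -rf "$d"
  echo "default_keystore=$default truststore_before=$before truststore_after=$after"
}

# Run the demonstration when invoked as: ./script.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real host the -keystore argument would be the truststore the Tomcat JVM actually loads: the file named by javax.net.ssl.trustStore if that property is set, otherwise the JRE's lib/security/cacerts.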
