"Lisa Tan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >I don't know if this is a right list to ask this question. I tried to > configure shibboleth which uses Tomcat with CAS authentication. I received > an error: Unable to validate ProxyTicketValidator > > > > I did google search on this topic and understood the reason causing this > problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since > I > am still in the testing stage, I can't get a CA certificate but the > self-signed certificate. > > > > If my understanding is correct, the self signed certificate via openssl > doesn't have jks format but Tomcat JVM only accept jks format certificate. >
If you had read the friendly manual at http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that this isn't true :). While it talks about the keystore, the truststore works the same way. So use openssl to create a pkcs12 file, specify this as the truststore, in whatever way you need to do from the CAS docs, and you should be good to go. > > > I am just wondering if any one can give me some instruction how to create > a > self-signed certificate and private key which can be used or imported to > both Tomcat JVM and CAS server. > > > > Thanks, > > > > Lisa > > > > > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]