CAS

Trusting CAS Self-signed Certs

Submitted by sandip on Mon, 06/23/2008 - 11:24. | Tags:

Yales' CAS client attempts to verify the service ticket it received from CAS, and when it tries to connect to the CAS server, it encounters SSL handshake error caused by using a self-signed SSL certificate on the CAS server. The Java process running tomcat does not trust the certificate presented by the CAS server. This is part of Java security.

A work around the issue would be to tell Java to trust the self-signed certificate as below:

# keytool -importcert -trustcacerts -alias {cert_alias_name} -file \
          /path/to/self-signed.cer -keypass changeit -keystore  \
          /usr/local/java/jre/lib/security/cacerts

Use the below command to list:

$ keytool -list -keystore /usr/local/java/jre/lib/security/cacerts | grep -A 1 {cert_alias_name}

sandip's blog
Add new comment

User login

Recent blog posts

c-client library version skew with uw-imap
Installation of Munin and Munin-Node
Convert / root filesytem to use lvm over raid
SATA disks as AHCI
Forcing apache to listen to ipv4
Drupal 5.11 upgrade fixes
Sender Policy Framework (SPF)
Learning Bash Scripting
analog filesize limit
Restoring Plesk server

CAS

Trusting CAS Self-signed Certs

User login

Recent blog posts

Who's online