Cas20ProxyRetriever and Self Signed Certs
Bill Bailey
Bill.Bailey at northlandchurch.net
Thu Jun 21 10:37:40 EDT 2007
Hi,
I resolved my earlier problems with HTTPS and SSL certificates and have
gotten as far as obtaining the proxy granting ticket, but just when I
thought I was past my HTTPS woes, I have run into another SSL related
issue.
Right now I am using self-signed certificates and will be for a while.
I am trying to use Cas20ProxyRetriever to retrieve the proxy ticket and
it requires an Apache Commons HttpClient to operate. I have tried both
by using a default HttpClient directly injected and by using the
HttpClient3FactoryBean. I have not yet found a combination that accepts
my self-signed certificates. I get a
javax.net.ssl.SSLPeerUnverifiedException each time I invoke
getProxyTicketIdFor and pass the httpClient and service name.
I assume I need to somehow point the httpClient to a trust store
containing the self signed certificate from the CAS server, but I
haven't yet been able to see how to do that. The CAS server certificate
has already been loaded into the JRE trust store and the other CAS
client code (e.g. the proxyValidate call to validate the original
service ticket) seems to be working ok, but my custom use of
Cas20ProxyRetriever is not.
The documentation on HttpClient3FactoryBean is pretty sparse so I just
made a guess and tried setting strict and useStrictHostNameChecking to
false. The error changed from javax.net.ssl.SSLPeerUnverifiedException
to
javax.net.ssl.SSLHandshakeException: Remote host closed connection
during handshake
Caused by: java.io.EOFException: SSL peer shut down incorrectly
What do I need to do to make this work?
Help?
Bill Bailey
Senior Developer / DBA
Northland, A Church Distributed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070621/be41ae8e/attachment.html
More information about the cas
mailing list