Cas20ProxyRetriever and Self Signed Certs

Scott Battaglia scott.battaglia at gmail.com
Thu Jun 21 11:03:37 EDT 2007


The CAS Proxy Retriever obtains its certificate information from the JVM,
which is why you see no additional documentation for it.

Your remote server appears to have closed its connection during the
handshake.

You can try and turn debug on for the JVM with the following:

-Djavax.net.debug=ssl,handshake,record

-Scott

On 6/21/07, Bill Bailey <Bill.Bailey at northlandchurch.net> wrote:
>
>  Hi,
>
>
>
> I resolved my earlier problems with HTTPS and SSL certificates and have
> gotten as far as obtaining the proxy granting ticket, but just when I
> thought I was past my HTTPS woes, I have run into another SSL related issue.
>
>
>
> Right now I am using self-signed certificates and will be for a while.
>
>
>
> I am trying to use Cas20ProxyRetriever to retrieve the proxy ticket and it
> requires an Apache Commons HttpClient to operate. I have tried both by using
> a default HttpClient directly injected and by using the
> HttpClient3FactoryBean. I have not yet found a combination that accepts my
> self-signed certificates. I get a javax.net.ssl.SSLPeerUnverifiedException
> each time I invoke getProxyTicketIdFor and pass the httpClient and service
> name.
>
>
>
> I assume I need to somehow point the httpClient to a trust store
> containing the self signed certificate from the CAS server, but I haven't
> yet been able to see how to do that. The CAS server certificate has already
> been loaded into the JRE trust store and the other CAS client code (e.g.
> the proxyValidate call to validate the original service ticket) seems to be
> working ok, but my custom use of Cas20ProxyRetriever is not.
>
>
>
> The documentation on HttpClient3FactoryBean is pretty sparse so I just
> made a guess and tried setting strict and useStrictHostNameChecking to
> false. The error changed from javax.net.ssl.SSLPeerUnverifiedException to
>
>
>
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>
>
>
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>
>
>
> What do I need to do to make this work?
>
>
>
> Help?
>
>
>
> Bill Bailey
>
> Senior Developer / DBA
>
> Northland, A Church Distributed
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
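
The reply above says the retriever takes its certificate information from the JVM. The following is an added example, not part of the original message or of the CAS client code: a small diagnostic that reports which trust store the running JVM uses and whether a certificate exported from the CAS server is trusted by it. The class name JvmTrustCheck and the certificate file argument are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical diagnostic class; run it with the same JVM and -D options as the client.
public class JvmTrustCheck {
    public static void main(String[] args) throws Exception {
        // If this property is unset, the JRE falls back to jssecacerts, then
        // cacerts, under <java.home>/lib/security.
        String configured = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("javax.net.ssl.trustStore = "
                + (configured != null ? configured : "(unset, JRE default)"));
        System.out.println("java.home = " + System.getProperty("java.home"));

        // A null KeyStore makes the factory load the JVM default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = null;
        for (TrustManager m : tmf.getTrustManagers()) {
            if (m instanceof X509TrustManager) { tm = (X509TrustManager) m; break; }
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");
        System.out.println("trusted issuers loaded: " + tm.getAcceptedIssuers().length);

        if (args.length == 0) return; // no certificate file given: report only

        // args[0]: path to the server certificate (PEM or DER), supplied by the user.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("subject: " + cert.getSubjectX500Principal().getName());
        try {
            // Trust-chain check only; hostname matching is a separate check.
            tm.checkServerTrusted(new X509Certificate[] { cert }, "RSA");
            System.out.println("TRUSTED by this JVM");
        } catch (CertificateException e) {
            System.out.println("NOT TRUSTED: " + e.getMessage());
        }
    }
}
```

If the output shows a different java.home or trust store than the one the certificate was imported into, the client is not reading the store that was updated.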