Web server on different machine to CAS server

[Mike Crawford]

I've added that and it gave no additional output.  I tested it by making an
obvious mistake and it seems to work though.

I think my problem comes down to a basic lack of understanding of the
certificates and keystores.

On the CAS server, I created a private key with the same name as the CAS
server, then exported a cert and imported that into cacerts on the CAS
server.  Then I copied the cert to the web server.  On the web server I set
the serverName part of my filter to be the webserver name, and imported the
cert into the JVM keystore.

This didn't work for me.  I have tomcat running on both servers, the
server.xml on the CAS server pointing to the private keystore.... and on the
webserver I don't need to point to a private keystore?

Do I have the basics right here?  Make private keystore on CAS Server, send
the cert to the webserver and import it into cacerts??

Thanks,

Mike


On 3/1/07, Marvin S. Addison <serac at vt.edu> wrote:
>
> If you suspect a keystore/certificate issue of any kind, the Java SSL
> debug output is indispensable in diagnosing the problem.  Could you
> perform a SSL debug trace by adding
>
> -Djavax.net.debug=ssl
>
> to your JVM startup parameters.  This is easily done for Tomcat: create
> a $TOMCAT_HOME/bin/setenv.sh file and add the line
>
> CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.debug=ssl"
>
> This will generate _a lot_ of data in $TOMCAT_HOME/logs/catalina.out by
> default.  If you could post what you think are relevant bits of that
> output, we might be able to help further.
>
> Regards,
> Marvin Addison
> --
> Applications Programming Analyst
> Collaborative Technologies Unit
> Virginia Tech
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070305/d7570371/attachment.html