Web server on different machine to CAS server - SOLVED

Scott Battaglia scott.battaglia at gmail.com
Tue Mar 6 15:47:12 EST 2007


Glad to hear it worked for you.

-Scott

On 3/5/07, Mike Crawford <mike.crawford at gmail.com> wrote:
>
> Thank you for enduring with me... problem solved.  I had gotten myself into
> a tangle with too many certificates and CAS servers floating around.
>
> I'm sure this is trivial for most but for those as novice as me - to set up
> CAS on a server by itself:
>
> *Get the CAS application running using the Yale website instructions... I
> used J2EE server .war version running in Tomcat
>
> *On the same server generate a key with alias tomcat into a keystore...
> the cn property being the name of your cas server
>
> *Generate a certificate (.crt) from the key you just created
>
> *On the same server in the SSL connector in server.xml of Tomcat... point
> to the keystore.  (keystoreFile & keystorePass)
>
> *Copy the certificate you exported to your webserver or uPortal machine.
>
> *Import the cert into your Java cacerts keystore on the webserver
>
> *Check that your webserver or uPortal application has the standard CAS
> filter within the web-app tag of web.xml, and the serverName property
> being the name of your web server, including the port 8080 if that's what
> you're running Tomcat on.
>
> Cheers,
>
> Mike
>
>
>
>
> On 3/5/07, Mike Crawford <mike.crawford at gmail.com> wrote:
> >
> > I've added that and it gave no additional output.  I tested it by making
> > an obvious mistake and it seems to work though.
> >
> > I think my problem comes down to a basic lack of understanding of the
> > certificates and keystores.
> >
> > On the CAS server, I created a private key with the same name as the CAS
> > server, then exported a cert and imported that into cacerts on the CAS
> > server.  Then I copied the cert to the web server.  On the web server I set
> > the serverName part of my filter to be the webserver name, and imported the
> > cert into the JVM keystore.
> >
> > This didn't work for me.  I have Tomcat running on both servers, the
> > server.xml on the CAS server pointing to the private keystore... and on
> > the webserver I don't need to point to a private keystore?
> >
> > Do I have the basics right here?  Make private keystore on CAS Server,
> > send the cert to the webserver and import it into cacerts??
> >
> > Thanks,
> >
> > Mike
> >
> >
> > On 3/1/07, Marvin S. Addison <serac at vt.edu> wrote:
> > >
> > > If you suspect a keystore/certificate issue of any kind, the Java SSL
> > > debug output is indispensable in diagnosing the problem.  Could you
> > > perform an SSL debug trace by adding
> > >
> > > -Djavax.net.debug=ssl
> > >
> > > to your JVM startup parameters?  This is easily done for Tomcat: create
> > > a $TOMCAT_HOME/bin/setenv.sh file and add the line
> > >
> > > CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.debug=ssl"
> > >
> > > This will generate _a lot_ of data in $TOMCAT_HOME/logs/catalina.out by
> > > default.  If you could post what you think are relevant bits of that
> > > output, we might be able to help further.
> > >
> > > Regards,
> > > Marvin Addison
> > > --
> > > Applications Programming Analyst
> > > Collaborative Technologies Unit
> > > Virginia Tech
> > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> >
> >
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
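
The keystore steps listed in Mike Crawford's quoted message, written out as keytool commands with two checks for a mismatched certificate. This is an added example, not part of the original thread; the host name cas.example.edu, the file paths, the alias cas-server and the password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: the keystore steps from the quoted message as keytool commands.
# Host name, file names, the "cas-server" alias and passwords are constructed.
set -eu
export LC_ALL=C              # keep keytool's output labels in English for grep

CAS_HOST="cas.example.edu"   # assumed name; must match the host in the CAS URL
STOREPASS="changeit"         # placeholder; use a real secret on the CAS server

# CAS server: create a key pair under alias "tomcat" whose CN is the CAS host.
make_cas_keystore() {        # $1 = keystore path (Tomcat's keystoreFile)
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=${CAS_HOST}" -keystore "$1" \
    -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# CAS server: export only the public certificate; the private key stays put.
export_cas_cert() {          # $1 = keystore path, $2 = output .crt
  keytool -exportcert -rfc -alias tomcat -keystore "$1" \
    -storepass "$STOREPASS" -file "$2"
}

# Web server: trust that certificate. On a real host $2 is the JVM's cacerts.
import_cas_cert() {          # $1 = .crt file, $2 = truststore path
  keytool -importcert -noprompt -alias cas-server -file "$1" \
    -keystore "$2" -storepass "$STOREPASS"
}

# Check: SHA-256 fingerprint of one entry, to compare both machines' copies.
cert_fingerprint() {         # $1 = keystore path, $2 = alias
  keytool -list -v -alias "$2" -keystore "$1" -storepass "$STOREPASS" \
    | grep 'SHA256:' | head -n 1 | awk '{print $2}'
}

# Check: subject of an exported certificate; the CN must be the CAS host name.
cert_owner() {               # $1 = .crt file
  keytool -printcert -file "$1" | grep '^Owner:' | head -n 1
}
```

If the fingerprint of the `tomcat` entry on the CAS server differs from the entry imported on the web server, the web server is trusting a stale or wrong certificate, which is the tangle the message describes.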