CAS - HTTPS Error

Scott Battaglia scott.battaglia at gmail.com
Wed Nov 7 12:14:15 EST 2007


Cliff,

I'm pretty sure you can't use the IP address as the CN name for the
certificate.  I believe it actually needs to be the host name.

-Scott

On Nov 7, 2007 11:30 AM, Clifford Bryant <CBryant at edgewater.com> wrote:

>  Hello,
>
>
>
> We are trying to set up CAS with Tomcat and Apache.  The Tomcat SSL port
> has been opened for CAS.  We are trying to use the IP addresses of the
> Tomcat servers on the internal network.  Normally, the SSL port is not open
> to the outside world.  The IP address of the Tomcat server was used in the
> SSL certificate.
>
>
>
> Here is the error.  *Any help would be greatly appreciated!*
>
>
>
> The IP address is the same, so not sure why I am getting this error
> message?
>
>
>
> 2007-11-07 15:31:42,523 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-WIU6g7n6WlJHeTlOnJWm6NtKyiyZDSv3HrH-20] for service [https://192.168.254.70:8443/terms/rs_timesheet.css] for user [Admin100]>
>
> 24131 [http-8443-Processor25] ERROR [/terms].[default]  - Servlet.service() for servlet default threw exception
>
> java.io.IOException: HTTPS hostname wrong:  should be <192.168.254.70>
>         at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>         at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
>         at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
>         at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
>         at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
>         at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>         at java.lang.Thread.run(Thread.java:595)
>
> starting Apache.......
>
>
>
>
>
> Clifford Bryant, Senior Developer
> Edgewater Technology, Inc.
> 20 Harvard Mill Square
> Wakefield, MA 01880
> Direct: 781.213.9885
> Cell: 617.417.6704
> Fax: 781.246.5903
> Email: cbryant at edgewater.com
> Web: www.edgewater.com


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
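
The kind of identity check behind the "HTTPS hostname wrong" error in this thread, as an added example (not part of the original messages and not the JDK's or CAS's code): it applies the RFC 2818 section 3.1 rules to constructed certificate fields laid out the way Python's `ssl.SSLSocket.getpeercert()` returns them. The function name `match_identity`, the host `cas.example.internal` and both sample certificates are assumptions made for illustration.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    # Assumption: '*' is accepted only as the whole leftmost label (stricter than RFC 2818).
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def match_identity(cert, host):
    """Return (ok, reason) for a URL host checked against certificate fields."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # RFC 2818 3.1: an IP address in the URI must equal an iPAddress SAN entry.
        want = ipaddress.ip_address(host)
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == want:
                return True, "iPAddress SAN matches"
        return False, "no matching iPAddress SAN; CN is not consulted for IP literals"
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        # When a dNSName SAN is present it is the identity and the CN is ignored.
        ok = any(_dns_match(d, host) for d in dns)
        return ok, "dNSName SAN " + ("matches" if ok else "does not match")
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = bool(cns) and _dns_match(cns[-1], host)
    return ok, "CN fallback " + ("matches" if ok else "does not match")

# Constructed certificates (not taken from the servers in this thread).
CN_IS_IP = {"subject": ((("commonName", "192.168.254.70"),),)}
SAN_HAS_IP = {"subject": ((("commonName", "cas.example.internal"),),),
              "subjectAltName": (("DNS", "cas.example.internal"),
                                 ("IP Address", "192.168.254.70"))}

if __name__ == "__main__":
    for name, cert in (("CN_IS_IP", CN_IS_IP), ("SAN_HAS_IP", SAN_HAS_IP)):
        for host in ("192.168.254.70", "cas.example.internal"):
            print(name, host, match_identity(cert, host))
```

A certificate that carries the address only in its CN fails for `https://192.168.254.70:8443/`, while one that names the host and also lists the address as an iPAddress subjectAltName passes for both forms of the URL.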