mod_auth_cas-1.0.6 released

Smith, Matt matt.smith at uconn.edu
Thu Jan 10 10:55:02 EST 2008 

Srikar-

  How did you obtain server.crt?
  Did you export it using keytool using "-exportcert" ?
  Did you export it in PEM format?

  I think using "-rfc" with the "-exportcert" parameter exports in PEM
format.  Otherwise, I think it uses one of the PKCS formats (#7 or #12,
maybe?).

HTH,
-Matt

On Thu, 2008-01-10 at 10:41 -0500, Srikar Kummamuri wrote:
> Scott,
> 
> I tried to place the exact file in the path of CASCertificatePath. Now
> I gaeve the crt file directly in the path.
> 
>  
> 
> CASCookiePath C:/ssl/
> 
> CASCertificatePath C:/ssl/cas_sslcrt/server.crt
> 
> CASValidateServer on
> 
>  
> 
> And the error is,
> 
>  
> 
> [Thu Jan 10 10:37:05 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS:
> Could not load CA certificate file: C:/ssl/cas_sslcrt/server.crt
> 
> [Thu Jan 10 10:37:05 2008] [error] [client 10.6.2.145] MOD_AUTH_CAS:
> Could not create an SSL connection to alx-dev-wrk04.wwre.org
> 
>  
> 
>  
> 
> ..Srikar
> 
>                                    
> ______________________________________________________________________
> From: Srikar Kummamuri 
> Sent: Thursday, January 10, 2008 10:05 AM
> To: 'cas at tp.its.yale.edu'
> Subject: RE: mod_auth_cas-1.0.6 released
> 
> 
>  
> 
> Matt,
> 
> I change the httpd.conf and problem still continues. Let me tell you
> what I did exactly.  On the Apache (Mod_auth_cas) machine, I generated
> a CRT file with the keytool (given the CAS Server name in the first ,
> last names argument of Keytool)  same way that I did on the cas
> server.   Now as you noted, I modified the httpd.conf file in both way
> with relative path and absolute path.
> 
>  
> 
> CASCertificatePath C:\ssl\cas_sslcrt      (In this directory crt file
> and .keystore were there)
> 
>  
> 
> But the problem continues. My doubt is, Is this method (Generating the
> crt file with Keytool)  is good for the apacge (Mod_auth_Cas) ????  Or
> do I need to look into certificate generation methods of OpenSsl??
> 
>  
> 
> Any documents/links/help??
> 
>  
> 
> Thanks a lot.
> 
> Srikar.
> 
>  
> 
>  
> 
>                                    
> ______________________________________________________________________
> From: Srikar Kummamuri 
> Sent: Wednesday, January 09, 2008 5:32 PM
> To: 'cas at tp.its.yale.edu'
> Subject: RE: mod_auth_cas-1.0.6 released
> 
> 
>  
> 
> When the request comes back to Apache from the CAS server with the
> ticket (using mod_auth_cas), apache is throwing  error.
> 
>  
> 
>  “Could not perform SSL handshake with alx-dev-wrk04.wwre.org (check
> CASCertificatePath)”
> 
>  
> 
> In my config,  httpd.conf calls the ssl.conf and the  ssl.conf has the
> following line.
> 
>  
> 
> SSLCertificateFile conf/sslcrt/server.crt
> 
>  
> 
> Now the serer.crt is the file generated for the CAS Server by the key
> tool (with the cas server machine name). 
> 
>  
> 
> What am I doing wrong here?  Do I need to import this crt  into
> something  else? Or can same body give me the clue to get this
> certificate into JVM on the apache server having mod_auth_cas?  I
> resolved the same issue on a tomcat server running the CAS client but
>  on this Apache (MOD_AUTH_CAS) I am not getting the idea of where to
> configure the self signed certificate.
> 
>  
> 
> Thanks a lot
> 
> Srikar.  
> 
>  
> 
> 
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
-- 
Matt Smith
matt.smith at uconn.edu
University Information Technology Services (UITS)
University of Connecticut
PGP Key ID: 0xE9C5244E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20080110/b3633b1b/attachment.bin

More information about the cas mailing list