[cas-dev] keytool needed??
Andrew R Feller
afelle1 at lsu.edu
Wed May 7 08:12:57 EDT 2008
Edward,

This type of question should be kept on the general CAS mail list and
not the developer list.

If you are having problems using a keystore, you could also use the
Apache Portable Runtime protocol for handling SSL. For more
information, you can read the Tomcat documentation here:

http://tomcat.apache.org/tomcat-5.5-doc/apr.html

Here is a sample connector using it:

<Connector port="443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxHttpHeaderSize="8192"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           disableUploadTimeout="true"
           acceptCount="100"
           scheme="https"
           secure="true"
           SSLEngine="on"
           SSLCertificateFile="${catalina.base}/conf/localhost.crt"
           SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"
/>
HTH,
Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA, 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
-----Original Message-----
From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Edward Chen
Sent: Tuesday, May 06, 2008 4:55 PM
To: Mailing list for CAS developers
Subject: [cas-dev] keytool needed??
Hi,
I have a couple of questions.
I installed CAS 3.2.1 on my local workstation (Windows XP) with Tomcat 5.5.
It works just fine with my local MySQL and LDAP. I deployed my local CAS
to my company's Tomcat web server. It works fine. Now I want to link the
server CAS to the applications. I mean the re-direct process.
I used the demo instructions at http://www.ja-sig.org/wiki/display/CASUM/Demo
to install CAS on my workstation for testing. I use keystore file...etc
My question is whether I need to do the same thing, using keytool to
self-author a server certificate, on the company's web server. For example,
do I need to add the following to server.xml
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/Documents and Settings/xxxxx/.keystore"
           keystorePass="changeit"
           truststoreFile="C:/Program Files/Java/jdk1.6.0_04/jre/lib/security/cacerts" />
and add the following in the web.xml
<filter>
  <filter-name>CAS Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://xxx.com:8443/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://xxx.com:8443/cas/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>xxx:8080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
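
The two connector styles in this thread take different attributes: the JSSE connector reads keystoreFile/keystorePass, while the APR connector reads PEM files through SSLCertificateFile/SSLCertificateKeyFile. The Python check below is an added example, not part of the original messages and not Tomcat or CAS code; it flags attributes placed on the wrong connector style and a keystore left on the default password. It assumes the Tomcat 5.5 attribute names used above, treats a connector without an explicit APR protocol as JSSE, and runs on a constructed server.xml in which the port 9443 connector is hypothetical.

```python
import xml.etree.ElementTree as ET

APR = "org.apache.coyote.http11.Http11AprProtocol"
JSSE_ATTRS = {"keystoreFile", "keystorePass", "truststoreFile", "sslProtocol"}
APR_ATTRS = {"SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile"}

# Constructed sample: both connector styles from the thread, plus a
# deliberately mixed-up connector on port 9443 (hypothetical).
SAMPLE = """<Server><Service name="Catalina">
 <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
   scheme="https" secure="true" SSLEngine="on"
   SSLCertificateFile="${catalina.base}/conf/localhost.crt"
   SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"/>
 <Connector port="8443" scheme="https" secure="true" clientAuth="false"
   sslProtocol="TLS" keystoreFile="conf/.keystore" keystorePass="changeit"/>
 <Connector port="9443" protocol="org.apache.coyote.http11.Http11AprProtocol"
   scheme="https" secure="true" keystoreFile="conf/.keystore"/>
</Service></Server>"""

def audit_connectors(server_xml):
    """Return {port: [findings]} for each https <Connector> in server.xml text."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a = conn.attrib
        if a.get("scheme") != "https":
            continue
        # Assumption: no explicit APR protocol attribute means a JSSE connector.
        apr = a.get("protocol") == APR
        wrong = JSSE_ATTRS if apr else APR_ATTRS
        style = "APR" if apr else "JSSE"
        found = [f"{n} is not used by the {style} connector"
                 for n in sorted(wrong & a.keys())]
        if apr:
            if a.get("SSLEngine") != "on":
                found.append("SSLEngine is not on")
            found += [f"{n} is missing" for n in
                      ("SSLCertificateFile", "SSLCertificateKeyFile") if n not in a]
        elif a.get("keystorePass", "changeit") == "changeit":
            # Tomcat falls back to "changeit" when keystorePass is omitted.
            found.append("keystorePass is the default 'changeit'")
        if a.get("secure") != "true":
            found.append("secure is not true")
        report[a.get("port")] = found
    return report

if __name__ == "__main__":
    for port, found in audit_connectors(SAMPLE).items():
        print(port, found or "ok")
```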