Re: Certificates

by Luk VERHOEVEN

Am I right?
1.) I must first create a CA via openssl.
2.) Then I must create a CSR via keytool.
3.) Then I must sign the CSR via openssl.
4.) Import the certificate in the cacerts file.

Thanks,
Luk


From: Velpi [mailto:velpi@...]
To: Yale CAS mailing list [mailto:cas@...]
Sent: Thu, 15 May 2008 11:08:24 +0200
Subject: Re: Certificates

You can use "your own CA" and use that to sign any certificate when you
add that CA's certificate to the truststore (of Tomcat/Java/...). You
can even add all the individual certificates to the truststore, though
that may be harder to manage.

The Java truststore is the "cacerts" file in your JRE/JDK installation.
You can use keytool to view/modify it. Tomcat uses that by default.
You can also specify another truststore-file for a Tomcat connector (see
connector docs).
You may want to read these commands:
http://shib.kuleuven.be/docs/ssl_commands.shtml#keytool

Note that "your own CA"'s certificate is quite important.

--Velpi

Luk VERHOEVEN wrote:

> Dear,
>
> I use CAS 3.2 with Acegi 1.0.6 and Tomcat 5.5.17. It all works locally
> with a generated certificate and CN name localhost. But the customer
> wants to test it on the server on their intranet. They use a
> <host>.domain. Then it shows the invalid certificate error. Is there a
> solution without an official CA? Even with the free CAs you must enter a
> valid e-mail address for the domain (it’s a government), but I’m not the
> manager of the network; it’s an external company. I can execute
> commands on the server as root only via the external company.
>
> It may be a solution without SSL, because the LDAP isn’t secure and sends
> the password as plain text. You’re right, it’s bad, but the customer is
> satisfied with it. We use the CAS server for SSO.
>
> Thanx,
>
> Luk,
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas@...
> http://tp.its.yale.edu/mailman/listinfo/cas


--
/---------------------------------------------
| Jan "Velpi" Van der Velpen
| Velpi@... || +32 (0) 498 61 24 89
\---------------------------------------------
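
The four steps asked about at the top of this thread, as an added shell example that is not part of the original messages. File names, aliases, the CA name, the host name argument and the `changeit` passwords are assumptions. It goes slightly beyond the list by setting subjectAltName at signing time and by loading the signed certificate back into the server keystore.

```shell
#!/bin/sh
# Added example: private CA + keytool flow. File names, aliases, the host
# name and the "changeit" passwords are assumptions for illustration.
set -eu

# Step 1: self-signed CA key and certificate (openssl).
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Test CA" -keyout "$1/ca.key" -out "$1/ca.crt"
}

# Step 2: server key pair and CSR in a Java keystore (keytool).
make_csr() {  # $1 = working directory, $2 = host name clients connect to
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
        -dname "CN=$2" -keystore "$1/server.jks" \
        -storepass changeit -keypass changeit
    keytool -certreq -alias tomcat -file "$1/server.csr" \
        -keystore "$1/server.jks" -storepass changeit
}

# Step 3: sign the CSR with the CA (openssl). The SAN is supplied here
# because "openssl x509 -req" does not copy CSR extensions by default.
sign_csr() {  # $1 = working directory, $2 = host name
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -days 365 -sha256 \
        -extfile "$1/san.ext" -out "$1/server.crt"
    # Stop here unless the signed certificate chains to the CA.
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null
}

# Step 4: trust the CA in a Java truststore, then load the CA and the
# signed certificate into the server keystore that Tomcat presents.
install_certs() {  # $1 = working directory, $2 = truststore path
    keytool -importcert -noprompt -trustcacerts -alias example-test-ca \
        -file "$1/ca.crt" -keystore "$2" -storepass changeit
    keytool -importcert -noprompt -trustcacerts -alias example-test-ca \
        -file "$1/ca.crt" -keystore "$1/server.jks" -storepass changeit
    keytool -importcert -noprompt -alias tomcat -file "$1/server.crt" \
        -keystore "$1/server.jks" -storepass changeit
}

# Usage: sh script.sh run <workdir> <hostname> <truststore>
if [ "${1:-}" = "run" ]; then
    make_ca "$2"; make_csr "$2" "$3"
    sign_csr "$2" "$3"; install_certs "$2" "$4"
fi
```

The `ca.key` file is what lets anyone mint certificates that every truststore holding `ca.crt` will accept, so it should stay off the application server and be readable only by whoever signs requests.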