once more : wildcard certificate problem, client side

once more : wildcard certificate problem, client side

by Matteo Matteo

I'm using CAS Client 2.1.0 for authentication (filter under Tomcat)
edu\yale\its\tp\cas\client\filter\CASFilter.java

The problem is that if I install a wildcard SSL certificate (self-signed, for "*.company.de") on my CAS server "cas.local.company.de", then I cannot validate a given ticket, getting the following exception:

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://casintern....

Is there any solution for wildcard certificates?
Thanks
Matvey
_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas

Re: once more : wildcard certificate problem, client side

by Michael Ströder

Matteo Matteo wrote:
> Is there any solution for wildcard certificates?

Why do you want to use wildcard certificates?
For security reasons I'd strongly recommend against this.

Ciao, Michael.

Re[2]: once more : wildcard certificate problem, client side

by Matteo Matteo

That's not my choice, unfortunately.
If you can give me a link that describes well any potential hole with a wildcard certificate, I'd try to show it to our leaders...
Thanks

-----Original Message-----
From: Michael Ströder <michael@...>
To: Yale CAS mailing list <cas@...>
Date: Fri, 27 Jun 2008 10:34:48 +0200
Subject: Re: once more : wildcard certificate problem, client side

>
> Matteo Matteo wrote:
> > Is there any solution for wildcard certificates?
>
> Why do you want to use wildcard certificates?
> For security reasons I'd strongly recommend against this.
>
> Ciao, Michael.

Re: Re[2]: once more : wildcard certificate problem, client side

by Michael Ströder

Matteo Matteo wrote:
> That's not my choice, unfortunately. If you can give me a link that
> describes well any potential hole with a wildcard certificate, I'd
> try to show it to our leaders...

A server cert is also used for server authentication. If you use the
server cert with the accompanying private key on several servers the
admins of all the servers can fake the other servers. That's bad.

For me the real question is why your leaders believe that a wildcard
cert is needed. (I have some presumptions but tell me your reason.)

Ciao, Michael.
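
Added example (not part of the original thread, and not code from the CAS client): a Java check of the RFC 2818/6125 wildcard rule that HTTPS hostname verification applies, where "*" stands for exactly one left-most DNS label. It tests the certificate name and CAS host quoted in the first message alongside constructed sample hosts; the class and method names are hypothetical.

```java
import java.util.List;
import java.util.Locale;

public class WildcardMatchDemo {

    /**
     * Returns true if host is covered by the certificate name pattern.
     * "*" is honoured only as the entire left-most label ("*.example.org");
     * any other pattern is compared literally, so "f*.example.org" never
     * acts as a wildcard here.
     */
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);                  // no wildcard: exact match only
        }
        String suffix = p.substring(1);          // e.g. ".company.de"
        if (suffix.indexOf('*') >= 0 || !h.endsWith(suffix)) {
            return false;                        // extra wildcard or different domain
        }
        // Whatever the "*" stands for must be one non-empty label without dots.
        String left = h.substring(0, h.length() - suffix.length());
        return !left.isEmpty() && left.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        String certName = "*.company.de";        // certificate name from the thread
        // cas.local.company.de is the CAS host from the thread;
        // the remaining hosts are constructed for illustration.
        List<String> hosts = List.of(
                "cas.local.company.de",          // two labels under company.de
                "cas.company.de",
                "mail.company.de",
                "company.de",                    // bare domain, no label for "*"
                "www.company.de.example.net");   // suffix is not at the end
        for (String host : hosts) {
            System.out.printf("%-28s %s%n", host,
                    matches(certName, host) ? "accepted" : "REJECTED (name mismatch)");
        }
    }
}
```

Every host printed as accepted is also one that any holder of the shared wildcard private key can authenticate as, which is the concern raised in the last reply. A self-signed certificate additionally has to be trusted by the client JVM before any name check matters.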