You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Lisa Tan <ag...@wayne.edu> on 2007/08/10 15:36:05 UTC

Re: Self-Signed Certificate for Tomcat JVM and CAS

I don't know if this is a right list to ask this question. I tried to
configure shibboleth which uses Tomcat with CAS authentication. I received
an error: Unable to validate ProxyTicketValidator

 

I did google search on this topic and understood the reason causing this
problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since I
am still in the testing stage, I can't get a CA certificate but the
self-signed certificate.

 

If my understanding is correct, the self signed certificate via openssl
doesn't have jks format but Tomcat JVM only accept jks format certificate.

 

I am just wondering if any one can give me some instruction how to create a
self-signed certificate and private key which can be used or imported to
both Tomcat JVM and CAS server.

 

Thanks,

 

Lisa

Re: Self-Signed Certificate for Tomcat JVM and CAS

Posted by Bill Barker <wb...@wilshire.com>.

"Lisa Tan" <ag...@wayne.edu> wrote in message 
news:007901c7db53$66fe7870$d804d98d@cit.wayne.edu...
>I don't know if this is a right list to ask this question. I tried to
> configure shibboleth which uses Tomcat with CAS authentication. I received
> an error: Unable to validate ProxyTicketValidator
>
>
>
> I did google search on this topic and understood the reason causing this
> problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since 
> I
> am still in the testing stage, I can't get a CA certificate but the
> self-signed certificate.
>
>
>
> If my understanding is correct, the self signed certificate via openssl
> doesn't have jks format but Tomcat JVM only accept jks format certificate.
>

If you had read the friendly manual at 
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that 
this isn't true :).  While it talks about the keystore, the truststore works 
the same way.  So use openssl to create a pkcs12 file, specify this as the 
truststore, in whatever way you need to do from the CAS docs, and you should 
be good to go.
>
>
> I am just wondering if any one can give me some instruction how to create 
> a
> self-signed certificate and private key which can be used or imported to
> both Tomcat JVM and CAS server.
>
>
>
> Thanks,
>
>
>
> Lisa
>
>
>
>
>
> 




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org