...
The keys also need to be available to the CAS application, but must not be publicly available over the Internet. We recommend placing the keys within your classpath (i.e. WEB-INF/classes), though any location that is accessible to the user running the web server instance and is not served publicly to the Internet is acceptable. Inside WEB-INF works well because WEB-INF is scoped to the web application but is not normally served. Inside the webapp but outside WEB-INF is fraught with peril, because files there can be served to clients. A location such as /etc/cas/keys/ is a fine idea as well, and it protects the keys from being overwritten when a new CAS webapp version is deployed.
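```
# RSA private key, PEM (1024 bits is below the 2048-bit minimum now generally recommended)
openssl genrsa -out private.key 1024
# Public key extracted from the private key, DER-encoded
openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
# Private key converted to unencrypted PKCS#8, DER-encoded (the input is PEM)
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.key -out private.p8
# Self-signed X.509 certificate for the same key, valid for 365 days
openssl req -new -x509 -key private.key -out x509.pem -days 365
```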
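An added check, not part of the original CAS documentation: once the commands above have been run, this shell function confirms that public.key, private.p8 and x509.pem all carry the public key of private.key, and that the private files are not readable by group or others. The function names and the directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: consistency and permission check for the generated key files.
# Function names and the directory argument are assumptions of this example.

# Print the PEM public key contained in (or derived from) one artifact.
# $1 = kind (private|public|p8|cert), $2 = path. Prints nothing on failure.
pubkey_of() {
    case "$1" in
        private) openssl pkey -in "$2" -pubout ;;
        public)  openssl pkey -pubin -inform DER -in "$2" -pubout ;;
        p8)      openssl pkcs8 -inform DER -nocrypt -in "$2" |
                     openssl pkey -pubout ;;
        cert)    openssl x509 -in "$2" -noout -pubkey |
                     openssl pkey -pubin -pubout ;;
    esac 2>/dev/null
}

# Return 0 only if every derived file present in $1 matches private.key and
# no private file is readable by group or others.
check_key_dir() {
    dir=$1; rc=0
    ref=$(pubkey_of private "$dir/private.key")
    [ -n "$ref" ] || { echo "cannot read $dir/private.key" >&2; return 1; }
    for item in public:public.key p8:private.p8 cert:x509.pem; do
        kind=${item%%:*}; file=$dir/${item#*:}
        [ -e "$file" ] || continue          # absent artifacts are skipped
        if [ "$(pubkey_of "$kind" "$file")" != "$ref" ]; then
            echo "MISMATCH: $file was not derived from private.key" >&2; rc=1
        fi
    done
    for f in private.key private.p8; do
        [ -e "$dir/$f" ] || continue
        if [ -n "$(find "$dir/$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "TOO OPEN: $dir/$f is readable by group or others" >&2; rc=1
        fi
    done
    return $rc
}

# Run against a directory when one is given, e.g. ./check.sh /etc/cas/keys
[ $# -eq 0 ] || check_key_dir "$1"
```

Running it after each deploy or key rotation catches a public.key or certificate left over from an earlier key pair.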
...