This page has been superseded by https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide and will eventually be removed. ~awp9 contests the wisdom of this plan. See comment below.
CAS Server requires SSL. Newcomers to deploying secure web applications (and even old hands) sometimes have difficulty configuring the SSL certificates. This page is intended to provide links and help with troubleshooting SSL in the context of deploying an instance of the Central Authentication Service server.
...
```
-validity numberOfDays
```
which allows you to specify the number of days a certificate is valid for. So in the above example you would use the following command to create the certificate and have it valid for 365 days:
```
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -validity 365
```
World-readability
K.C. Baltz reminded the list that public certificate files must be world-readable, as noted in the README.
...
How do I use a self-signed certificate?
...
DummyTrustManager for development
Joakim Recht suggested on the CAS list that in development you can avoid the need to install your self-signed CAS server certificate on your CAS clients (and your CAS client certificate on your CAS server, when the clients need to be securely accessed for CAS to give them Proxy Tickets) by using the DummyTrustManager from here. (See this JavaWorld article.)
This accepts all certificates, including self-signed ones, so it performs no validation of the peer's certificate at all.
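For comparison with an accept-all trust manager, the following added example (not code from this page or from the CAS project) builds a trust manager that accepts only the one self-signed certificate generated by the keytool command above, and shows it refusing any other certificate. The class and method names are hypothetical, and the default keystore location and the store password `changeit` are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class PinnedCasTrust {
    // Trust manager backed by the given store (null = the JDK's default cacerts).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(store);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }

    // Copy only the CAS server's certificate into an empty in-memory trust store.
    static X509TrustManager pinnedTo(String path, char[] pass, String alias) throws Exception {
        KeyStore source = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            source.load(in, pass);
        }
        X509Certificate casCert = (X509Certificate) source.getCertificate(alias);
        if (casCert == null) throw new IllegalArgumentException("no certificate under alias " + alias);
        KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
        pinned.load(null, null);
        pinned.setCertificateEntry("cas-dev", casCert);
        return trustManagerFor(pinned);
    }

    public static void main(String[] args) throws Exception {
        // Assumptions: default keystore location and the store password "changeit".
        String path = args.length > 0 ? args[0] : System.getProperty("user.home") + "/.keystore";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        X509TrustManager pinned = pinnedTo(path, pass, "tomcat");
        X509Certificate cas = pinned.getAcceptedIssuers()[0];
        pinned.checkServerTrusted(new X509Certificate[] {cas}, "RSA"); // throws if refused
        System.out.println("accepted: " + cas.getSubjectX500Principal());
        // A JDK root CA stands in for "any other server's certificate".
        X509Certificate other = trustManagerFor(null).getAcceptedIssuers()[0];
        try {
            pinned.checkServerTrusted(new X509Certificate[] {other}, "RSA");
            System.out.println("NOT pinned: accepted " + other.getSubjectX500Principal());
        } catch (CertificateException e) {
            System.out.println("rejected: " + other.getSubjectX500Principal());
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {pinned}, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory()); // dev JVM only
    }
}
```

Pass the keystore path and store password as the two arguments if they differ from the assumed defaults.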
...
Where can I learn more about the keytool?
At the keytool page.
Thanks to Joakim Recht for originally suggesting DummyTrustManager on the CAS list.
A readme
You could try the readme included in this zip, which accompanies this article about CAS.
...