Troubleshooting SSL Issues in mod_auth_cas

Stepwise instructions

Follow the instructions in the readme

Follow all the instructions given with mod_auth_cas 1.0.6. I followed the instructions in readme.win32 since I am working on Windows.

Export the crt file

Go to the CAS server machine and export the crt file from the keystore with the command:

keytool -export -alias tomcarcert -keystore keystore -file exported-der.crt

Copy the crt file to the client machine

Now copy this exported-der.crt to the client machine where the Apache mod_auth_cas is running.

Use OpenSSL to transform the format of the cert

Open the OpenSSL prompt:

cd C:/openssl/bin

openssl

Issue the following command at the OpenSSL> prompt, where -in is the DER file copied from the CAS server:

x509 -out C:\ssl\cas_sslcrt\exported-pem.crt -outform pem -in C:\ssl\cas_sslcrt\server-export.crt -inform der

Update the httpd.conf file

Edit httpd.conf and set CASCertificatePath to the PEM certificate, as in the httpd.conf file under Examples.
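An added example, not part of the original post or of mod_auth_cas: a Python check that the PEM file named in CASCertificatePath carries the same certificate that was exported from the CAS server keystore, by comparing SHA-256 fingerprints of the DER bytes. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder bytes (a SEQUENCE header plus filler), NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x64" + bytes(range(100))

def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file that may be DER or PEM."""
    m = PEM_RE.search(data)
    if m:  # PEM: base64 text between the markers; CRLF line endings are fine
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if data[:1] == b"\x30":  # DER: a certificate starts with an ASN.1 SEQUENCE tag
        return data
    raise ValueError("neither a PEM nor a DER certificate")

def to_pem(der: bytes) -> str:
    """PEM is the base64 of the DER bytes, 64 characters per line, between markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(load_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(file_a: bytes, file_b: bytes) -> bool:
    """True when both files carry the same certificate, whatever their encoding."""
    return load_der(file_a) == load_der(file_b)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py exported-der.crt exported-pem.crt
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            der_file, pem_file = f1.read(), f2.read()
    else:  # no arguments: run on the constructed sample
        der_file, pem_file = SAMPLE_DER, to_pem(SAMPLE_DER).encode("ascii")
    print("server export :", fingerprint(der_file))
    print("client PEM    :", fingerprint(pem_file))
    print("match         :", same_certificate(der_file, pem_file))
```

The printed fingerprint can also be compared with the one keytool -list -v shows on the CAS server, provided that JDK reports SHA-256 fingerprints.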

Appendix

Versions of software with which this tutorial has been verified

  • Visual C++ 2008 Express Edition
  • Apache_2.0.61-win32-x86-openssl-0.9.7m.msi
  • Win32OpenSSL-0_9_8g.exe

References

I followed the steps to convert the crt file to PEM from here:

http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips

Examples

My httpd.conf file

 
CASCookiePath cache/
CASCertificatePath C:/ssl/cas_sslcrt/exported-pem.crt
CASValidateServer on
 
<Location /secured>
    AuthType CAS
    Require valid-user
</Location>

So when I give the URL pattern /secured/.., you get redirected to the CAS login and everything works fine.

Acknowledgments

Based on a cas@ email list post by Srikar Kummamuri.

Thanks to Matt, Scott, Phillip and all for the help.

Sucked into Confluence by Andrew Petro.