Menu
how to setup ssl certificate(self signed) in different machines for CAS server and client
CAS and Clients are working fine with single machine , if using different machine it is throwing certificate error.
whether single self signed certificate is enought for both client and server machine ?
any specific client and server settings changes are required like server machine name and client machine name for certificate creation
583
Can you please add the exception you are getting and in which node?
As a general advice, please note that:
1) you have to install the certificate on the client JVM machine if you are using https communication on the server side between the cas client and the CAS server
2) JVM will not accept (at runtime) self signed certificate with the ip in the CN (common name).
See https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide for more details
So from the exception you posted it seems the folowing case (quoted from the CAS Troubleshooting link above):
No subject alternative names present Sample Alt Name Stack Trace javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present In most cases this is a hostname/SSL certificate CN mismatch.
This commonly happens when a self-signed certificate issued to localhost is placed on a machine that is accessed by IP address. It should be noted that generating a certificate with an IP address for a common name, e.g. CN=192.168.1.1,OU=Middleware,dc=vt,dc=edu, will not work in most cases where the client making the connection is Java. For example the Java CAS client will throw SSL errors on connecting to a CAS server secured with a certificate containing an IP address in the CN.
Have you resolved changing the certificate with a domain name instead of the ip and then reinstalling it in the system truststore for the CAS client and in the keystore for the CAS server?
94
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
