phpCAS: dumb question --- which certificate to use for validation of server?


ja

May 25, 2018, 11:50:44 PM
to CAS Community
Hi, I'm integrating SSO authentication for my PHP application to connect to a school's CAS server, and I have everything working in my test application, but I currently have server validation disabled in the settings.

The systems manager at the school never provided me with a certificate to use for validation, but I definitely want to use one because, "VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL".

Where do I get the certificate file to point to? Is it the same certificate used for browsing to the website via https:// ?

e.g., if the login portal is: login.myschool.edu, can I just browse to https://login.myschool.edu and download the certificate from Google Chrome from the lock icon?
Or is there some other CAS certificate that should be used? Thanks so much!

David Gelhar

May 27, 2018, 9:12:38 AM
to CAS Community
The client needs to be configured to accept the certificate that’s used by the CAS server it’s connecting to: $cas_host and $cas_port in the example.

Generally you will want to configure it with the Certificate Authority (CA) certificate of the authority that issued the certificate, not the individual host certificate.

You can see the whole certificate chain of an SSL server using the OpenSSL “s_client” command line tool:

openssl s_client -connect login.myschool.edu:443 -showcerts
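
Added example, not part of the thread or of phpCAS: the script below builds a constructed CA and two host certificates for login.myschool.edu, then checks each against different trust files with openssl verify. It shows that a trust file holding the issuing CA certificate still validates the server after its host certificate is renewed, while a trust file holding only the old host certificate does not. The CA names, file names and helper functions are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Every key and certificate below is constructed locally;
# nothing is fetched from a real CAS server.
set -eu

# make_ca DIR NAME: self-signed CA (ca.key / ca.pem) in DIR.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_host DIR BASENAME: host cert for login.myschool.edu signed by DIR's CA.
issue_host() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=login.myschool.edu" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
}

# chains_to TRUSTFILE CERT: exit 0 only if CERT verifies against TRUSTFILE,
# the same kind of file a CAS client is pointed at for server validation.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# issuer_of CERT: print the issuer line, to see which CA certificate is needed.
issuer_of() { openssl x509 -in "$1" -noout -issuer; }

report() { if chains_to "$1" "$2"; then echo "$3: accepted"; else echo "$3: rejected"; fi; }

demo() {
  d=$(mktemp -d); mkdir "$d/school" "$d/other"
  make_ca "$d/school" "Constructed School CA"
  make_ca "$d/other" "Constructed Unrelated CA"
  issue_host "$d/school" host-2018      # certificate the server presents today
  issue_host "$d/school" host-renewed   # same host after a routine renewal
  issuer_of "$d/school/host-2018.pem"
  report "$d/school/ca.pem" "$d/school/host-2018.pem" "CA file, current host cert"
  report "$d/school/ca.pem" "$d/school/host-renewed.pem" "CA file, renewed host cert"
  report "$d/school/host-2018.pem" "$d/school/host-renewed.pem" "old host cert as trust file, renewed cert"
  report "$d/other/ca.pem" "$d/school/host-2018.pem" "unrelated CA file"
  rm -rf "$d"
}
demo
```
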
