Certify CAS with .pem files

Fernando Bárcenas Martínez

Aug 3, 2021, 6:09:20 PM
to CAS Community
Hi, I'm wondering if there is any way to add my SSL cert files that I use for Apache. I know that you usually do this using a jks file, but so far I've had mixed experiences importing .pems to jks and the Tomcat instance I use already uses the credentials in .pem format.

The changes will need to be done to the production server, so I have little time to fiddle around in case my jks file is not correct.

Or will CAS "know" the Tomcat instance it's in is certified? Thanks!

Ray Bon

Aug 3, 2021, 7:20:08 PM
to cas-...@apereo.org
Fernando,


CAS does not use CA-issued certificates; the container does.

What is the problem you are trying to solve (if Tomcat already has the certificates, or are these self-signed)?

Ray

Fernando Bárcenas Martínez

Aug 3, 2021, 7:55:03 PM
to CAS Community, Ray Bon
Thanks for the reply!

I'm not having any problems. I will deploy CAS to production in a few weeks and due to some other infrastructure changes I'm forced (but happy) to do, I will need a new certificate. As I said, the Tomcat instances I have are already configured to be signed with CA certificates, and since Apache uses them too, it means I only need to update those files to get it all working again.

I'm just lazy and due to those 'mixed experiences' with jks containers I was curious if I could just use my certificates so CAS is signed as well once I get the new files. That being said, it just seems that I'll just need to spend some extra time and calmly work out the jks file, which is not really a bad thing.

Ray Bon

Aug 3, 2021, 8:39:19 PM
to barcmtz...@gmail.com, cas-...@apereo.org
Fernando,

CAS does not need its own certificates. You may have to add self-signed certs (or the root CA) to the Java keystore.


Ray
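
For the PEM-to-keystore step discussed in this thread, a pre-flight script that checks the key and certificate belong together, bundles them into PKCS#12, converts that to JKS, and covers the trusted-CA import mentioned in the last reply. This is an added example, not part of any poster's message or of CAS itself; the file names, the alias and the `STOREPASS` environment variable are assumptions.

```shell
#!/bin/sh
# Pre-flight for moving a PEM key/certificate pair into a Java keystore.
# Assumptions: file names and alias are placeholders; the keystore password
# is read from the exported STOREPASS variable; the private key is unencrypted.

# Succeeds only if the certificate and the private key share one public key.
pem_pair_matches() {  # usage: pem_pair_matches cert.pem key.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle key + certificate (+ optional CA chain) into PKCS#12.
pem_to_p12() {  # usage: pem_to_p12 cert.pem key.pem out.p12 alias [chain.pem]
  pem_pair_matches "$1" "$2" || {
    echo "private key does not match certificate, nothing written" >&2
    return 1
  }
  openssl pkcs12 -export -in "$1" -inkey "$2" ${5:+-certfile "$5"} \
    -name "$4" -out "$3" -passout env:STOREPASS
}

# Read the bundle back and print subject and expiry of the leaf certificate.
p12_summary() {  # usage: p12_summary in.p12
  openssl pkcs12 -in "$1" -passin env:STOREPASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -subject -enddate
}

# Convert the bundle to JKS and list the result. Write to a new file and
# inspect it before pointing the container at it.
p12_to_jks() {  # usage: p12_to_jks in.p12 out.jks
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env STOREPASS &&
    keytool -list -v -keystore "$2" -storepass:env STOREPASS
}

# Self-signed certificate or private root CA: add it as a trusted entry.
trust_ca() {  # usage: trust_ca ca.pem truststore.jks alias
  keytool -importcert -noprompt -trustcacerts -alias "$3" -file "$1" \
    -keystore "$2" -storepass:env STOREPASS
}
```

Run `p12_to_jks` against a staging copy and confirm the listing shows a `PrivateKeyEntry` with the expected chain before swapping the file on the production server.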