CAS 4.2.6 Non-Secure Connection


Brandon Martin

Oct 26, 2016, 5:35:23 PM
to CAS Community
I've spent most of the day trying to figure this out, but thus far it has beaten me.

I am on the final stages of my CAS deployment: LDAP working, password policies working, prettied up the theme. But when putting the server up behind my load balancer I'm still getting "Non-Secure Connection".

I've changed my jetty.xml slightly, thinking that disabling the port 8080 connector would do the trick. Nope. It's now serving only on port 8443 but won't accept https connections.

Attached are the Jetty xml files. I've tried adding different connectors from here with no luck: http://www.eclipse.org/jetty/documentation/9.1.5.v20140505/configuring-connectors.html

Here's what I see in the logs too; it doesn't look to be using https:

[STDERR] 2016-10-26 21:16:49.545:INFO:/cas:main: Initializing Spring FrameworkServlet 'cas'
[STDERR] 2016-10-26 21:16:49.740:INFO:oejsh.ContextHandler:main: Started o.e.j.m.p.JettyWebAppContext@64c87930{/cas,[file:///cas-overlay/src/main/webapp/, file:///cas-overlay/target/tmp/cas-server-webapp-4_2_6_war1/],AVAILABLE}
[STDERR] 2016-10-26 21:16:49.761:INFO:oejus.SslContextFactory:main: x509=X509@502f9271(root,h=[psd401.net],w=[psd401.net]) for SslContextFactory@313b6907(file:///etc/cas/jetty/thekeystore,file:///etc/cas/jetty/thekeystore)
[STDERR] 2016-10-26 21:16:49.765:INFO:oejus.SslContextFactory:main: x509=X509@3f64a088(tomcat,h=[],w=[]) for SslContextFactory@313b6907(file:///etc/cas/jetty/thekeystore,file:///etc/cas/jetty/thekeystore)
[STDERR] 2016-10-26 21:16:49.820:INFO:oejs.ServerConnector:main: Started ServerConnector@31e9f7ae{HTTP/1.1,[ssl, http/1.1]}{0.0.0.0:8443}
[STDERR] 2016-10-26 21:16:49.820:INFO:oejs.Server:main: Started @10826ms
[STDOUT] -1PB1KXG2D6QF6

I figured that if I added my nginx certificate to my keystore, that would do the trick. This didn't work either.

In previous CAS versions I remember having to change the server.xml, but I can't find how to change that file with 4.2.6.
jetty-https.xml
jetty-ssl.xml
jetty.xml

Brandon Martin

Oct 27, 2016, 6:27:57 PM
to CAS Community
I am still struggling with this. When I try to visit the login page with https I get this in the logs:

[STDERR] 2016-10-27 22:23:44.943:WARN:oejh.HttpParser:qtp3213500-21: Illegal character 0x16 in state=START for buffer HeapByteBuffer@43a25f11[p=1,l=190,c=8192,r=189]={\x16<<<\x03\x01\x00\xB9\x01\x00\x00\xB5\x03\x03\x08\xC2\xB6\xCa\x82\xB1+...\x02\x01\x00\x00\n\x00\x08\x00\x06\x00\x1d\x00\x17\x00\x18>>>ke Gecko) Chrome/...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
[STDERR] 2016-10-27 22:23:44.945:WARN:oejh.HttpParser:qtp3213500-21: bad HTTP parsed: 400 Illegal character 0x16 for HttpChannelOverHttp@4d65a915{r=0,c=false,a=IDLE,uri=null}

In wget: OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I tried to up the logging on jetty/apache in the log4j2, but the names I've found haven't made a difference.

I can see that Jetty is loading my x509 certs from thekeystore, but https is still not working.

I don't have much time left and need this working tomorrow. I don't understand where the documentation for this is. I see some on the Eclipse website, but it doesn't seem to make any difference: https://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Loading_Keys_and_Certificates
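What the "Illegal character 0x16" warning in the post above contains, as an added example that is not part of the original thread: the leading bytes Jetty logged decode as a TLS handshake record carrying a ClientHello, which is what an HTTP parser sees when a TLS client connects to a connector that is reading plain HTTP. The function names are made up for this example, and treating `<<<`/`>>>` as buffer position markers is an assumption about the dump format.

```python
import re

# Leading bytes of the buffer dump from the Jetty warning above (the log elides the rest).
JETTY_BUFFER = r"\x16<<<\x03\x01\x00\xB9\x01\x00\x00\xB5\x03\x03\x08\xC2\xB6\xCa\x82\xB1+..."

RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                0x16: "handshake", 0x17: "application_data"}
HANDSHAKE_TYPES = {0x01: "ClientHello", 0x02: "ServerHello"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def unescape_jetty_buffer(dump: str) -> bytes:
    """Convert the escaped dump to raw bytes, stopping at the first elision."""
    # Assumption: <<< and >>> only mark the buffer position and limit.
    dump = dump.replace("<<<", "").replace(">>>", "").split("...", 1)[0]
    out = bytearray()
    for m in re.finditer(r"\\x([0-9A-Fa-f]{2})|\\([nrt])|(.)", dump, re.S):
        if m.group(1):
            out.append(int(m.group(1), 16))
        elif m.group(2):
            out.append({"n": 10, "r": 13, "t": 9}[m.group(2)])
        else:
            out += m.group(3).encode("latin-1")
    return bytes(out)


def classify_first_bytes(data: bytes) -> dict:
    """Decode the TLS record and handshake headers if the bytes look like TLS."""
    if len(data) < 11 or data[0] not in RECORD_TYPES or data[1] != 0x03:
        return {"tls": False}
    record_length = int.from_bytes(data[3:5], "big")
    info = {
        "tls": True,
        "record_type": RECORD_TYPES[data[0]],
        "record_version": VERSIONS.get(int.from_bytes(data[1:3], "big"), "unknown"),
        "record_length": record_length,
        "total_bytes": 5 + record_length,  # 5-byte record header + payload
    }
    if data[0] == 0x16:  # handshake record: a 4-byte handshake header follows
        info["handshake_type"] = HANDSHAKE_TYPES.get(data[5], "other")
        info["handshake_length"] = int.from_bytes(data[6:9], "big")
        if data[5] == 0x01:  # ClientHello starts with the client's offered version
            info["client_version"] = VERSIONS.get(int.from_bytes(data[9:11], "big"), "unknown")
    return info


if __name__ == "__main__":
    for key, value in classify_first_bytes(unescape_jetty_buffer(JETTY_BUFFER)).items():
        print(f"{key}: {value}")
```

The decoded `total_bytes` of 190 equals the `l=190` in the logged buffer, so the entire rejected request was one TLS record.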