The client needs to be configured to accept the certificate that’s used by the cas server it’s connecting to: $cas_host and $cas_port in the example.
Generally you will want to configure it with the Certificate Authority (CA) certificate of the authority that issued the certificate, not the individual host certificate.
You can see the whole certificate chain of an ssl server using the OpenSSL “s_client” command line tool:
openssl s_client -connect
login.myschool.edu:443 -showcerts