How to disable certificate check or trust a self-signed certificate?

[Emilian Mitocariu]

I have this message in my logs "Resource https://192.168.0.122/index.php/apps/user_saml/saml/metadata does not exist or is unreadable", and i think this problem may come from the fact that i use a self-signed certificate on the server that CAS is trying to access. Is there a way to make cas skip certificate checking (i know this is insecure, this is just a testing environment) or to make it trust the certificate?

[Andrew Morgan]

Try loading your self-signed certificate into your Java keystore
(JAVA_HOME/jre/lib/security/cacerts by default).

Andy

[Emilian Mitocariu]

I tried to load the certificate with this command "keytool -import -alias "nccert" -file /opt/nc-cert/nccert.crt -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts", but it either didn't work or the self-signed certificate is not the problem of the error. Thanks for the idea anyway.

[Ben Howell-Thomas]

If it's this : https://apereo.github.io/cas/development/installation/Configuration-Properties.html#http-client

Then we needed to override HttpClientProperties to make it support a suitable Truststore for our self-signed certificate.

On 31 May 2017 at 08:06, Emilian Mitocariu <mitocari...@gmail.com> wrote:

I tried to load the certificate with this command "keytool -import -alias "nccert" -file /opt/nc-cert/nccert.crt -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts", but it either didn't work or the self-signed certificate is not the problem of the error. Thanks for the idea anyway.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5713d20f-b63e-4813-99ee-186b0b8a8255%40apereo.org.

This email is sent on behalf of Northgate Public Services (UK) Limited and its associated companies including Rave Technologies (India) Pvt Limited (together "Northgate Public Services") and is strictly confidential and intended solely for the addressee(s). 

If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any way or you may be acting unlawfully;  (ii) contact Northgate Public Services immediately on +44(0)1908 264500 quoting the name of the sender and the addressee then delete it from your system.

Northgate Public Services has taken reasonable precautions to ensure that no viruses are contained in this email, but does not accept any responsibility once this email has been transmitted.  You should scan attachments (if any) for viruses.

Northgate Public Services (UK) Limited, registered in England and Wales under number 00968498 with a registered address of Peoplebuilding 2, Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire, HP2 4NN.  Rave Technologies (India) Pvt Limited, registered in India under number 117068 with a registered address of 2nd Floor, Ballard House, Adi Marzban Marg, Ballard Estate, Mumbai, Maharashtra, India, 400001.