Troubleshooting SSL Issues in mod_auth_cas

Added by Andrew Petro, last edited by Andrew Petro on Jan 10, 2008  (view change)
Table of Contents

Stepwise instructions

Follow the instructions in the readme

Follow all the instructions given in the Mod_auth_Cas -1.0.6. In this, I followed the instruction in readme.win32 since I am working on windows.

Export the crt file

Go to the CAS Server machine and export the crt file from the keystore. With the command 

keytool -export -alias tomcarcert -keystore keystore -file exported-der.crt

Copy the crt file to the client machine

Now copy this exported-der.crt to the client machine where the Apache mod_auth_cas is running.

Use OpenSSL to transform the format of the cert

Open the open ssl. 

cd C:/openssl/bin

openssl

issue the command 

x509 -out C:\ssl\cas_sslcrt\exported-pem.crt -outform pem -in C:\ssl\cas_sslcrt\server-export.crt -inform der

Update the httpd.conf file

Change the httpd.conf file and add this crt there.

Appendix

Versions of software with which this tutorial has been verified

  • Visual C++ 2008 Express Edition
  • Apache_2.0.61-win32-x86-openssl-0.9.7m.msi
  • Win32OpenSSL-0_9_8g.exe

References

I followed the steps to convert the crt file to PEM from here

http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips

Examples

My httpd.conf file

 
CASCookiePath cache/
CASCertificatePath C:/ssl/cas_sslcrt/exported-pem.crt
CASValidateServer on
 
<Location /secured >
                        AuthType CAS
                        Require valid-user
</Location>

So when I give the url pattern /secured/.. You get redirected to CAS login and everything works fine.

Acknowledgments

Based on a cas@ email list post by Srikar Kummamuri.

Thanks to Matt, Scott, Phillip and all for the help.

Sucked into Confluence by Andrew Petro.
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.