Trusting CAS Self-signed Certs

Yales' CAS client attempts to verify the service ticket it received from CAS, and when it tries to connect to the CAS server, it encounters SSL handshake error caused by using a self-signed SSL certificate on the CAS server. The Java process running tomcat does not trust the certificate presented by the CAS server. This is part of Java security.

A work around the issue would be to tell Java to trust the self-signed certificate as below:

# keytool -importcert -trustcacerts -alias {cert_alias_name} -file \
          /path/to/self-signed.cer -keypass changeit -keystore  \
          /usr/local/java/jre/lib/security/cacerts

Use the below command to list:

$ keytool -list -keystore /usr/local/java/jre/lib/security/cacerts | grep -A 1 {cert_alias_name}

Comment