Hello everyone, Happy new year.
I have an issue with proxying that I can't find a solution to. I'm running the latest 5.2 Gradle overlay and have an Apache reverse proxy in front of the CAS instance.

    WAN <==> FRONT (HTTPS) <==> CAS (AJP)

The SSL is provided by Let's Encrypt. I made a keystore, added the cert into the keystore and then added it into my CAS server. (Thanks to https://maximilian-boehm.com/en-gb/blog/create-a-java-keystore-jks-from-let-s-encrypt-certificates-1884000/ and https://apereo.github.io/cas/developer/Build-Process.html#configure-ssl)

I added the certificate into the global keystore with success and checked that the cert is in both the global keystore and the one used by CAS. Both know my domain. The /etc/hosts of my CAS instance has the domain associated with its IP.

Here is my conf:

    #server.port=8080
    cas.server.name: https://domain.tld
    cas.server.prefix: https://domain.tld/cas

    #Service Declarations
    cas.serviceRegistry.initFromJson=true
    cas.serviceRegistry.config.location=file:/etc/cas/config

    # LDAP Authentication Source
    logging.config: file:/etc/cas/config/log4j2.xml

    #Proxy part working with AJP reverse proxy :
    #Activate the options for secure connections
    # https://discuss.pivotal.io/hc/en-us/articles/202650798--Archived-How-can-Tomcat-redirect-to-a-secure-connection-when-behind-a-reverse-proxy-web-server-1037406-
    cas.server.ajp.secure=true
    cas.server.ajp.enabled=true
    #cas.server.ajp.proxyPort=443
    cas.server.ajp.protocol=AJP/1.3
    cas.server.ajp.asyncTimeout=5000
    cas.server.ajp.scheme=https
    cas.server.ajp.maxPostSize=20971520
    cas.server.ajp.port=8080
    cas.server.ajp.enableLookups=false
    cas.server.ajp.redirectPort=443
    cas.server.ajp.allowTrace=true
    cas.server.ajp.attributes.attributeName=attributeValue

    # SSL
    server.ssl.enabled=true
    #https://apereo.github.io/cas/developer/Build-Process.html#configure-ssl
    #https://github.com/apereo/cas-gradle-overlay-template#deployment
    server.ssl.keyStore=file:/etc/cas/cas-auth.jks
    server.ssl.keyStorePassword=11111
    server.ssl.keyPassword=11111

With this conf, I succeed in using the web login directly, but I also need to use OAuth, and during the callback I have a java.security.cert.CertificateException: No name matching

And it's really weird because all the keystores are matching my domain.tld.

Any advice / help would be appreciated.

Regards
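
What the JVM compares when it raises this exception, as an added example (not part of the original post and not CAS code): a simplified Python model of the TLS hostname check in OpenJDK's `sun.security.util.HostnameChecker`, showing which rejection text each path produces. The certificate names and target hosts are constructed, and wildcard handling is reduced to a whole leftmost label.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(host, pattern):
    # Case-insensitive; '*' may replace the whole leftmost label only (simplification).
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    return h[1:] == p[1:] if p[0] == "*" else h == p

def check_hostname(host, san_dns=(), san_ip=(), cn=None):
    """Return None if the certificate covers `host`, else the rejection text."""
    if _is_ip(host):
        if not san_ip and not san_dns:
            return "No subject alternative names present"
        wanted = ipaddress.ip_address(host)
        if any(ipaddress.ip_address(i) == wanted for i in san_ip):
            return None
        return f"No subject alternative names matching IP address {host} found"
    if san_dns:
        # Once any DNS SAN exists, the subject CN is never consulted.
        if any(_dns_match(host, name) for name in san_dns):
            return None
        return f"No subject alternative DNS name matching {host} found."
    if cn and _dns_match(host, cn):  # CN fallback: certificate has no DNS SAN
        return None
    return f"No name matching {host} found"

# Constructed certificates: one CA-issued style (DNS SAN present), one CN-only.
CERTS = {
    "san-cert": {"san_dns": ["domain.tld"], "cn": "domain.tld"},
    "cn-only-cert": {"cn": "cas.internal.example"},  # hypothetical name
}
# Constructed hosts a back-channel HTTPS call might be addressed to.
HOSTS = ["domain.tld", "localhost", "10.0.0.5"]

def report():
    return {(c, h): check_hostname(h, **names)
            for c, names in CERTS.items() for h in HOSTS}

if __name__ == "__main__":
    for (cert, host), verdict in report().items():
        print(f"{cert:13} {host:11} -> {verdict or 'OK'}")
```

In this model the text "No name matching ... found" comes only from the CN fallback path, that is, when the certificate the client received carries no DNS subject alternative name at all; a certificate with DNS SANs that fails to match produces the "No subject alternative DNS name matching" text instead.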
