Contents
1. Download the CAS Server
2. Create a CAS keystore
2.1 generate keypair
2.2 export certificates from keystore
2.3 import the certificate to JVM
3. Make Tomcat support HTTPS
4. Run the CAS Server
1. Download the CAS Server
You can download it from the CAS official website: http://www.jasig.org/cas. That site may only be reachable by getting around the firewall; if you would rather not do that, the same packages can be downloaded from http://downloads.jasig.org/cas/.
Download the latest CAS server: cas-server-3.5.2-release.zip
Decompress the package.
Copy cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war to the webapps directory of Tomcat and rename it ROOT.war.
Before starting Tomcat, you need to do the following:
Create a CAS keystore
Make Tomcat support HTTPS
2. Create a CAS keystore
The JDK keytool command generates a keystore, which is actually a file; a password is required to access it.
A keystore can contain multiple key pairs. Each key pair has an alias, which must be unique, and a password; the keystore and each key pair have their own passwords.
The JDK also has its own keystore at %JAVA_HOME%\jre\lib\security\cacerts. Its password is changeit. You can change it with the keytool command.
We first generate a key pair and the keystore that stores it, then export the certificate from that keystore, and finally import the certificate into the JDK's keystore. Tomcat will automatically read the JDK's keystore at runtime, to ensure that the deployed application can enjoy the security brought by the HTTPS protocol (an SSL channel).
2.1 generate keypair
Use the following command to generate a key pair:
keytool -genkeypair -alias cas -keyalg RSA -storepass changeit
By default, the generated keystore is the .keystore file in the user's home directory. On Windows 8, the default user directory is C:\Users\<user name>.
After the preceding command is executed, a .keystore file is generated in the user directory (if the file did not exist before), containing one key pair.
Note:
To simplify the operation, it is recommended that the keystore and key pair have the same password, both changeit.
At the prompt "What is your first and last name?", enter a domain name, for example www.xxx.com. This example uses cas, with the following mapping added to the hosts file:
127.0.0.1 cas
Some other commonly used keytool commands:
View key pairs:
keytool -list -storepass changeit
Delete a key pair:
keytool -delete -alias <alias> -storepass changeit
2.2 export certificates from keystore
Run the following command to export the certificate:
keytool -exportcert -alias cas -file cas.crt -storepass changeit
The generated certificate file is cas.crt, located in the directory where the command was run.
You can double-click the certificate file to install it into the Trusted Root Certification Authorities store. This prevents the red X certificate warning when you access the site over HTTPS in a browser.
2.3 import the certificate to JVM
Run the following command to import the certificate to the JVM keystore:
keytool -importcert -alias cas -file cas.crt -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -noprompt
By default, Tomcat will read the keystore in the JVM, instead of the .keystore in the user directory. You can also configure Tomcat to read a specified keystore (see the appendix).
Note:
Before executing the preceding command, make sure the current user has write permission on the cacerts file.
The JDK keystore password must be changeit, so Tomcat can be accessed without any configuration.
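To confirm that steps 2.1 to 2.3 left a consistent state, the following added example (not part of the original tutorial) compares the cas entry in the user keystore, the exported cas.crt, and the cas entry in cacerts by fingerprint. It assumes the usual two-line entry format of keytool -list output and that cas.crt was exported in the default binary DER form; the sample listings and certificate bytes are constructed placeholders.

```python
import hashlib
import re

# One `keytool -list` entry: "<alias>, <date>, <entry type>," then a fingerprint line.
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+), .*?, (?P<kind>PrivateKeyEntry|trustedCertEntry),[ \t]*\r?\n"
    r"Certificate fingerprint \((?P<alg>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)",
    re.MULTILINE,
)

def parse_keytool_list(text):
    """Map alias -> (entry type, digest name, fingerprint) from `keytool -list` output."""
    return {m["alias"].strip().lower(): (m["kind"], m["alg"], m["fp"].upper())
            for m in ENTRY_RE.finditer(text)}

def der_fingerprint(der_bytes, alg):
    """Fingerprint as keytool prints it: digest of the DER bytes, colon-separated hex."""
    digest = hashlib.new(alg.replace("-", "").lower(), der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_import(user_listing, cacerts_listing, crt_bytes, alias="cas"):
    """Return a list of problems; an empty list means the three artifacts agree."""
    problems = []
    own = parse_keytool_list(user_listing).get(alias)
    trusted = parse_keytool_list(cacerts_listing).get(alias)
    if own is None or own[0] != "PrivateKeyEntry":
        problems.append(f"no key pair '{alias}' in the user keystore")
    if trusted is None or trusted[0] != "trustedCertEntry":
        problems.append(f"no trusted certificate '{alias}' in cacerts")
    for name, entry in (("user keystore", own), ("cacerts", trusted)):
        # Recompute with the digest the listing names (SHA1 on older JDKs, SHA-256 on newer).
        if entry and der_fingerprint(crt_bytes, entry[1]) != entry[2]:
            problems.append(f"cas.crt does not match the '{alias}' entry in {name}")
    return problems

# Constructed sample data: placeholder bytes stand in for the DER file cas.crt.
SAMPLE_CRT = b"constructed placeholder, not a real certificate"
_FP = der_fingerprint(SAMPLE_CRT, "SHA-256")
SAMPLE_USER = ("Keystore type: JKS\nKeystore provider: SUN\n\n"
               "Your keystore contains 1 entry\n\n"
               f"cas, Jan 1, 2014, PrivateKeyEntry, \nCertificate fingerprint (SHA-256): {_FP}\n")
SAMPLE_CACERTS = f"cas, Jan 1, 2014, trustedCertEntry, \nCertificate fingerprint (SHA-256): {_FP}\n"

if __name__ == "__main__":
    print(check_import(SAMPLE_USER, SAMPLE_CACERTS, SAMPLE_CRT) or "consistent")
```

On a real machine, pass in the text printed by keytool -list for each keystore and the bytes read from cas.crt in place of the constructed samples.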