[Tech] Deploying the CAS server and the Java client on separate machines


Yesterday I tried to deploy the CAS Java client on another machine and ran into a problem. (For deploying the CAS server and the Java client on localhost, see: http://www.cnblogs.com/sunshineatnoon/p/4119565.html)

The main error when the client connected was: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

Later I found a solution on Stack Overflow: http://stackoverflow.com/questions/9331087/how-to-setup-ssl-for-cas-and-client-different-machines?rq=1

The Jasig documentation explains this error as follows:

Sample Alt Name Stack Trace
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

In most cases this is a hostname/SSL certificate CN mismatch. This commonly happens if a self-signed certificate issued to localhost is placed on a machine that's accessed by IP address. It should be noted that generating a certificate with the IP address for a common name, e.g. CN=192.168.1.1,OU=Middleware,DC=vt,DC=edu, would not work in most cases where the client making the connection is Java. For example the Java CAS client would throw SSL errors on connecting to a CAS server secured with a certificate containing an IP address in the CN.

In other words, the error occurs because the domain name (CN) in the generated certificate does not match the server's domain name, or the domain name the client later uses to reach it. The documentation also says that an IP address cannot be used as the certificate's CN; only a domain name can.

So the fix is to generate the certificate with a domain name, and to configure the hosts and lmhosts.sam files on the client machine so that they resolve the server's domain name. The steps are as follows:
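The rule behind this error, as an added example (not code from the original post or from the JDK): a simplified model of the name check that Java's HTTPS client applies to the server certificate. The certificate fields are passed in as constructed strings, wildcard names are left out, and the last case (an iPAddress SAN entry) goes beyond what the post uses.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Simplified model of the server-identity check; all certificate values are constructed samples.
public class HostnameCheckModel {

    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    /** Returns "OK" or the reason the handshake would be rejected. */
    static String check(String host, String cn, List<String> dnsSans, List<String> ipSans) {
        if (isIpLiteral(host)) {
            // An IP address is compared only with iPAddress SAN entries; the CN is never consulted.
            if (dnsSans.isEmpty() && ipSans.isEmpty()) {
                return "No subject alternative names present";
            }
            return ipSans.contains(host) ? "OK"
                    : "No subject alternative names matching IP address " + host + " found";
        }
        // A host name is compared with dNSName SAN entries when the certificate has any.
        if (!dnsSans.isEmpty()) {
            for (String san : dnsSans) {
                if (san.equalsIgnoreCase(host)) return "OK";
            }
            return "No subject alternative DNS name matching " + host + " found";
        }
        // Only without dNSName entries does the check fall back to the subject CN.
        return cn.equalsIgnoreCase(host) ? "OK" : "No name matching " + host + " found";
    }

    public static void main(String[] args) {
        List<String> none = Collections.emptyList();
        // keytool certificate issued to localhost, server reached by IP address
        System.out.println(check("192.168.1.1", "localhost", none, none));
        // IP address placed in the CN, as the Jasig note warns against
        System.out.println(check("192.168.1.1", "192.168.1.1", none, none));
        // CN is the domain name, but the client URL still uses the IP address
        System.out.println(check("192.168.1.1", "sunshineatnoon.com", none, none));
        // CN is the domain name and the client URL uses it (steps 3 and 6)
        System.out.println(check("sunshineatnoon.com", "sunshineatnoon.com", none, none));
        // A certificate carrying an iPAddress SAN entry satisfies an IP-based URL
        System.out.println(check("192.168.1.1", "sunshineatnoon.com", none,
                Arrays.asList("192.168.1.1")));
    }
}
```

Only the last two cases pass, which is why the post changes both the certificate's CN and the URL the client connects to.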

1. Edit C:\Windows\System32\Drivers\etc\hosts on the client machine and add a line:

your_ip (xxx.xxx.xxx.xxx) your_cn (sunshineatnoon.com)

2. Edit C:\Windows\System32\Drivers\etc\lmhosts.sam on the client machine and add a line:

your_ip (xxx.xxx.xxx.xxx) your_cn (sunshineatnoon.com)

3. Regenerate the certificate with keytool on the server machine:

keytool -genkey -alias "tomcat" -keyalg "RSA" -keystore "G:\tomcat.keystore"

When keytool asks "What is your first and last name?", answer with the domain name used above: sunshineatnoon.com

4. Configure Tomcat's server.xml file under %tomcat_path%/conf on the server machine; refer to http://www.cnblogs.com/sunshineatnoon/p/4064632.html, section 3 (1) (2). If the location and password of the generated certificate are the same as before, you do not have to reconfigure.

5. Use InstallCert.java again to generate the certificate into $java_home\jre\lib\security on the client machine; refer to http://www.cnblogs.com/sunshineatnoon/p/4070750.html, the 2nd bug I solved.

6. In the client's Java program, change the URL used to request a ticket from https://localhost:8443/cas/v1/tickets to https://sunshineatnoon.com:8443/cas/v1/tickets. The changed Client.java is as follows:

package cas;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;

import javax.net.ssl.HttpsURLConnection;

public class Client {

    public static void main(String... args) throws Exception {
        String username = "test01";
        String password = "psw01";
        validateFromCAS(username, password);
    }

    public static boolean validateFromCAS(String username, String password) throws Exception {
        //String url = "https://localhost:8443/cas/v1/tickets";
        String url = "https://sunshineatnoon.com:8443/cas/v1/tickets";
        try {
            // Step 1: POST the credentials to obtain a ticket-granting ticket (TGT).
            HttpsURLConnection hsu = (HttpsURLConnection) openConn(url);
            String s = URLEncoder.encode("username", "UTF-8") + "=" + URLEncoder.encode(username, "UTF-8");
            s += "&" + URLEncoder.encode("password", "UTF-8") + "=" + URLEncoder.encode(password, "UTF-8");

            // Debug output: this prints the password, so remove it outside of testing.
            System.out.println(s);
            OutputStreamWriter out = new OutputStreamWriter(hsu.getOutputStream());
            BufferedWriter bwr = new BufferedWriter(out);
            bwr.write(s);
            bwr.flush();
            bwr.close();
            out.close();

            // On success CAS answers 201 Created and puts the TGT URL in the Location header.
            String tgt = hsu.getHeaderField("Location");
            System.out.println(hsu.getResponseCode());
            if (tgt != null && hsu.getResponseCode() == 201) {
                System.out.println(tgt);
                System.out.println("TGT is:" + tgt.substring(tgt.lastIndexOf("/") + 1));
                tgt = tgt.substring(tgt.lastIndexOf("/") + 1);
                closeConn(hsu);

                //String serviceURL = "http://localhost:8080/casclient";
                String serviceURL = "http://www.baidu.com";
                String encodedServiceURL = URLEncoder.encode("service", "UTF-8") + "=" + URLEncoder.encode(serviceURL, "UTF-8");
                System.out.println("Service URL is:" + encodedServiceURL);

                // Step 2: POST the service URL to the TGT resource to obtain a service ticket (ST).
                String myURL = url + "/" + tgt;
                System.out.println(myURL);
                hsu = (HttpsURLConnection) openConn(myURL);
                out = new OutputStreamWriter(hsu.getOutputStream());
                bwr = new BufferedWriter(out);
                bwr.write(encodedServiceURL);
                bwr.flush();
                bwr.close();
                out.close();

                System.out.println("Response code is:" + hsu.getResponseCode());

                // The response body is the service ticket.
                BufferedReader isr = new BufferedReader(new InputStreamReader(hsu.getInputStream()));
                String line;
                System.out.println(hsu.getResponseCode());
                while ((line = isr.readLine()) != null) {
                    System.out.println(line);
                }
                isr.close();
                hsu.disconnect();
                return true;
            } else {
                return false;
            }
        } catch (MalformedURLException mue) {
            mue.printStackTrace();
            throw mue;
        } catch (IOException ioe) {
            ioe.printStackTrace();
            throw ioe;
        }
    }

    // Opens an HTTPS connection prepared for a POST request with a body.
    static URLConnection openConn(String urlk) throws MalformedURLException, IOException {
        URL url = new URL(urlk);
        HttpsURLConnection hsu = (HttpsURLConnection) url.openConnection();
        hsu.setDoInput(true);
        hsu.setDoOutput(true);
        hsu.setRequestMethod("POST");
        return hsu;
    }

    static void closeConn(HttpsURLConnection c) {
        c.disconnect();
    }
}

Note that the line highlighted in red in the original post (the url assignment) is the changed code.

7. The Java client on the client machine should now be able to obtain the TGT and ST successfully.
