Yesterday I tried to deploy the Java client side of CAS to another machine, and ran into a problem. (For deploying the CAS server and Java client on localhost, see: http://www.cnblogs.com/sunshineatnoon/p/4119565.html)
The main error when the client accessed the server was: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
Later I found a solution on StackOverflow: http://stackoverflow.com/questions/9331087/how-to-setup-ssl-for-cas-and-client-different-machines?rq=1
The Jasig documentation explains this error as follows:
Sample Alt Name Stack Trace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
In most cases this is a hostname/SSL certificate CN mismatch. This commonly happens if a self-signed certificate issued to localhost is placed on a machine that is accessed by IP address. It should be noted that generating a certificate with the IP address for a common name, e.g. CN=192.168.1.1,OU=Middleware,DC=vt,DC=edu, would not work in most cases where the client making the connection is Java. For example, the Java CAS client would throw SSL errors on connecting to a CAS server secured with a certificate containing an IP address in the CN.
In other words, the error is caused by a mismatch between the domain name (CN) in the generated certificate and the server's domain name, or the domain name the client later uses to access the server. The documentation also says that an IP address cannot be used as the certificate's CN; only a domain name can be used.
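The following is an added example, not code from the original post or from the JDK: a simplified model of the hostname check a Java HTTPS client applies, showing why a URL with an IP address fails against a certificate that only has a CN. The class and method names are hypothetical, wildcard matching is left out, and the last case (an IP entry in the subject alternative names) goes beyond what the post covers.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class HostnameCheckDemo {
    enum Result { OK, NO_SAN_PRESENT, NO_MATCHING_IP_SAN, NAME_MISMATCH }

    // IPv4 literals only; enough for this illustration.
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // Simplified model (assumption: exact, case-insensitive matches; no wildcards).
    static Result check(String host, String cn, List<String> dnsSans, List<String> ipSans) {
        if (isIpLiteral(host)) {
            // For an IP literal the CN is never consulted; only iPAddress SAN entries count.
            if (dnsSans.isEmpty() && ipSans.isEmpty()) {
                return Result.NO_SAN_PRESENT; // "No subject alternative names present"
            }
            return ipSans.contains(host) ? Result.OK : Result.NO_MATCHING_IP_SAN;
        }
        // For a DNS name, dNSName SAN entries take precedence; the CN is the fallback.
        List<String> names = dnsSans.isEmpty() ? Collections.singletonList(cn) : dnsSans;
        for (String n : names) {
            if (n.equalsIgnoreCase(host)) {
                return Result.OK;
            }
        }
        return Result.NAME_MISMATCH;
    }

    public static void main(String[] args) {
        List<String> none = Collections.emptyList();
        String ip = "192.168.1.1"; // constructed address, as in the Jasig example
        // Self-signed certificate issued to localhost, server reached by IP (the error in this post).
        System.out.println(check(ip, "localhost", none, none));
        // Putting the IP address in the CN does not help.
        System.out.println(check(ip, ip, none, none));
        // Domain name in the CN, client connects using that same name.
        System.out.println(check("sunshineatnoon.com", "sunshineatnoon.com", none, none));
        // Same certificate, but the client URL still says localhost.
        System.out.println(check("localhost", "sunshineatnoon.com", none, none));
        // Beyond the post: a certificate carrying an iPAddress SAN entry matches an IP URL.
        System.out.println(check(ip, "sunshineatnoon.com", none, Arrays.asList(ip)));
    }
}
```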
So the fix is to generate the certificate with a domain name, and to configure the hosts and lmhosts.sam files on the client machine so that it can resolve the server's domain name. The steps are as follows:
1. Edit C:\Windows\System32\Drivers\etc\hosts on the client-side machine and add a line:
your_ip (xxx.xxx.xxx.xxx) your_cn (sunshineatnoon.com)
2. Edit C:\Windows\System32\Drivers\etc\lmhosts.sam on the client-side machine and add a line:
your_ip (xxx.xxx.xxx.xxx) your_cn (sunshineatnoon.com)
3. Regenerate the certificate with keytool on the machine where the server is located:
keytool -genkey -alias "tomcat" -keyalg "RSA" -keystore "G:\tomcat.keystore"
When keytool asks "What is your first and last name?", answer with the domain name from above: sunshineatnoon.com
4. Configure the server.xml file of Tomcat under %tomcat_path%/conf on the server-side machine; refer to steps 3 (1) and (2) of http://www.cnblogs.com/sunshineatnoon/p/4064632.html. If the location and password of the generated certificate have not changed from before, you do not have to reconfigure.
5. Re-run InstallCert.java to generate the certificate into $java_home\jre\lib\security on the client-side machine; refer to the 2nd bug I solved in http://www.cnblogs.com/sunshineatnoon/p/4070750.html.
6. In the Java program on the client, the URL used to request a ticket is changed from https://localhost:8443/cas/v1/tickets to https://sunshineatnoon.com:8443/cas/v1/tickets. The changed Client.java is as follows:
package cas;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;

import javax.net.ssl.HttpsURLConnection;

public class Client {

    public static void main(String... args) throws Exception
    {
        String username = "test01";
        String password = "psw01";
        validateFromCAS(username, password);
    }

    public static boolean validateFromCAS(String username, String password) throws Exception
    {
        //String url = "https://localhost:8443/cas/v1/tickets";
        String url = "https://sunshineatnoon.com:8443/cas/v1/tickets";
        try
        {
            // Step 1: POST the credentials to obtain a ticket-granting ticket (TGT).
            HttpsURLConnection hsu = (HttpsURLConnection) openConn(url);
            String s = URLEncoder.encode("username", "UTF-8") + "=" + URLEncoder.encode(username, "UTF-8");
            s += "&" + URLEncoder.encode("password", "UTF-8") + "=" + URLEncoder.encode(password, "UTF-8");

            // Debug output; note that this prints the password in clear text.
            System.out.println(s);
            OutputStreamWriter out = new OutputStreamWriter(hsu.getOutputStream());
            BufferedWriter bwr = new BufferedWriter(out);
            bwr.write(s);
            bwr.flush();
            bwr.close();
            out.close();

            // On success the server answers 201 and puts the TGT URL in the Location header.
            String tgt = hsu.getHeaderField("Location");
            System.out.println(hsu.getResponseCode());
            if (tgt != null && hsu.getResponseCode() == 201)
            {
                System.out.println(tgt);

                System.out.println("TGT is:" + tgt.substring(tgt.lastIndexOf("/") + 1));
                tgt = tgt.substring(tgt.lastIndexOf("/") + 1);
                bwr.close();
                closeConn(hsu);

                //String serviceURL = "http://localhost:8080/casclient";
                String serviceURL = "http://www.baidu.com";
                String encodedServiceURL = URLEncoder.encode("service", "utf-8") + "=" + URLEncoder.encode(serviceURL, "utf-8");
                System.out.println("Service URL is:" + encodedServiceURL);

                // Step 2: POST the service URL to the TGT resource to obtain a service ticket (ST).
                String myURL = url + "/" + tgt;
                System.out.println(myURL);
                hsu = (HttpsURLConnection) openConn(myURL);
                out = new OutputStreamWriter(hsu.getOutputStream());
                bwr = new BufferedWriter(out);
                bwr.write(encodedServiceURL);
                bwr.flush();
                bwr.close();
                out.close();

                System.out.println("Response code is:" + hsu.getResponseCode());

                // The response body is the service ticket.
                BufferedReader isr = new BufferedReader(new InputStreamReader(hsu.getInputStream()));
                String line;
                System.out.println(hsu.getResponseCode());
                while ((line = isr.readLine()) != null) {
                    System.out.println(line);
                }
                isr.close();
                hsu.disconnect();
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (MalformedURLException mue)
        {
            mue.printStackTrace();
            throw mue;
        }
        catch (IOException ioe)
        {
            ioe.printStackTrace();
            throw ioe;
        }
    }

    // Opens an HTTPS POST connection to the given URL.
    static URLConnection openConn(String urlk) throws MalformedURLException, IOException
    {
        URL url = new URL(urlk);
        HttpsURLConnection hsu = (HttpsURLConnection) url.openConnection();
        hsu.setDoInput(true);
        hsu.setDoOutput(true);
        hsu.setRequestMethod("POST");
        return hsu;
    }

    static void closeConn(HttpsURLConnection c)
    {
        c.disconnect();
    }
}
Note that the line highlighted in red in the original post, the url assignment, is the code that changed.
7. The Java client on the client-side machine should now be able to successfully obtain the TGT and ST.
"Tech" CAS multi-machine deployment server and Java client side