I'm using Jetty server to run CAS (http://jasig.github.io/cas/4.1.x/index.html).To enable ssl support I have generate a certifice with the follows commands:
openssl genrsa -des3 -out jetty.keyopenssl req -new -x509 -key jetty.key -out jetty.crtkeytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacertsopenssl req -new -key jetty.key -out jetty.csropenssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystoreThen, in etc/jetty-ssl.xml I set my .crt file.
However trying use CAS over a PHP app I'm barred by SSL issues.
As my cert is self signed, how can I add it as a secure certificate?
Edit
I run curl: curl -v "https ://mydomain.org/myapp/myservice".
And the output was:
* About to connect() to mydomain.com port 443 (#0)* Trying myip... connected* Connected to mydomain.com (myip) port 443 (#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none* Certificate is signed by an untrusted issuer: 'CN=mycn,O=myo,L=myl,ST=myst,C=myc'* NSS error -8172* Closing connection #0* Peer certificate cannot be authenticated with known CA certificatescurl: (60) Peer certificate cannot be authenticated with known CA certificatesMore details here: http://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.I know this happens because certificate is self-signed, but I like to know if there a way to ignore it just in my dev environment.
Edit 2
The error CURL error #35: Encountered end of file makes any sense?