Skip to end of metadata
Go to start of metadata
Table of Contents

Stepwise instructions

Follow the instructions in the readme

Follow all the instructions given in the Mod_auth_Cas -1.0.6. In this, I followed the instruction in readme.win32 since I am working on windows.

Export the crt file

Go to the CAS Server machine and export the crt file from the keystore. With the command

keytool -export -alias tomcarcert -keystore keystore -file exported-der.crt

Copy the crt file to the client machine

Now copy this exported-der.crt to the client machine where the Apache mod_auth_cas is running.

Use OpenSSL to transform the format of the cert

Open the open ssl.

cd C:/openssl/bin


issue the command

x509 -out C:\ssl\cas_sslcrt\exported-pem.crt -outform pem -in C:\ssl\cas_sslcrt\server-export.crt -inform der

Update the httpd.conf file

Change the httpd.conf file and add this crt there.


Versions of software with which this tutorial has been verified

  • Visual C++ 2008 Express Edition
  • Apache_2.0.61-win32-x86-openssl-0.9.7m.msi
  • Win32OpenSSL-0_9_8g.exe


I followed the steps to convert the crt file to PEM from here


My httpd.conf file

CASCookiePath cache/
CASCertificatePath C:/ssl/cas_sslcrt/exported-pem.crt
CASValidateServer on
<Location /secured >
                        AuthType CAS
                        Require valid-user

So when I give the url pattern /secured/.. You get redirected to CAS login and everything works fine.


Based on a cas@ email list post by Srikar Kummamuri.

Thanks to Matt, Scott, Phillip and all for the help.

Sucked into Confluence by Andrew Petro.

  • No labels