CAS Server Deployment (with Tomcat SSL Support)

Source: Internet  Editor: 程序博客网  Time: 2024/05/19 02:02

1. Create the server certificate

Command-line session record (JRE_HOME):

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:/Documents and Settings/ukari>cd /program*
The filename, directory name, or volume label syntax is incorrect.

C:/Program Files>cd java

C:/Program Files/Java>cd jdk*

C:/Program Files/Java/jdk1.5.0_11>cd bin

C:/Program Files/Java/jdk1.5.0_11/bin>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password: changeit
What is your first and last name?
[Unknown]: techwangbin
What is the name of your organizational unit?
[Unknown]: Information Systems
What is the name of your organization?
[Unknown]: Pacific Disaster Center
What is the name of your City or Locality?
[Unknown]: Kihei
What is the name of your State or Province?
[Unknown]: HI
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US correct?
[no]: yes

C:/Program Files/Java/jdk1.5.0_11/bin>keytool -export -alias tomcat -keypass changeit -file server.crt
Enter keystore password: changeit
Certificate stored in file <server.crt>

C:/Program Files/Java/jdk1.5.0_11/bin>keytool -import -file server.crt -keypass changeit -keystore ../jre/lib/security/cacerts
Enter keystore password: changeit
Owner: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
Issuer: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
Serial number: 462030d8
Valid from: Fri Apr 13 15:39:36 HST 2007 until: Thu Jul 12 15:39:36 HST 2007
Certificate fingerprints:
MD5: CC:3B:FB:FB:AE:12:AD:FB:3E:D5:98:CB:2E:3B:0A:AD
SHA1: A1:16:80:68:39:C7:58:EA:2F:48:59:AA:1D:73:5F:56:78:CE:A4:CE
Trust this certificate? [no]: yes
Certificate was added to keystore

C:/Program Files/Java/jdk1.5.0_11/bin>


Notes:
techwangbin is my machine name.
Set the environment variable JRE_HOME=D:/Java/jdk1.6.0_11/jre so that Tomcat uses the JRE into which server.crt has been imported.

2. Add the following to conf/server.xml of Tomcat 6.0.18:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200" maxHttpHeaderSize="8192"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/Documents and Settings/wbin/.keystore" keystorePass="changeit"
           truststoreFile="D:/Java/jdk1.6.0_11/jre/lib/security/cacerts"
           clientAuth="false" sslProtocol="TLS"/>

3. Download CAS Server
Download CAS Server 3.3.2 Final from http://www.jasig.org/cas/download and extract it to D:/cas-server-3.3.2.
Make sure Maven is installed.
cd D:/cas-server-3.3.2
D:/cas-server-3.3.2 >mvn install -Dmaven.test.skip=true

D:/cas-server-3.3.2 >copy modules/cas-server-webapp-3.3.2.war D:/apache-tomcat-6.0.18/webapps/cas.war

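4. Start Tomcat. I found that https://localhost:8443/cas/login was reachable, but https://techwangbin:8443/cas/login never responded.
Eventually it occurred to me that techwangbin probably could not be resolved to 127.0.0.1 through DNS,
so I edited the local hosts file, C:/WINDOWS/system32/drivers/etc/hosts,
and added a new line:
 127.0.0.1 techwangbin

Now https://techwangbin:8443/cas/login is accessible.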
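
The following is an added example, not part of the original post: a Python check that reads the keytool output from step 1 and compares the certificate CN with the hostname used in the CAS URL from step 4, also reporting self-signed status and validity length. The function names and the date passed as `now` are assumptions of this example.

```python
import re
from datetime import datetime

# Copied from the keytool -import output in step 1 of this page.
KEYTOOL_OUTPUT = """\
Owner: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
Issuer: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
Serial number: 462030d8
Valid from: Fri Apr 13 15:39:36 HST 2007 until: Thu Jul 12 15:39:36 HST 2007
"""

def _parse_date(text):
    # keytool prints "Fri Apr 13 15:39:36 HST 2007". The zone token is dropped:
    # both dates carry the same zone, so ordering and length are unaffected.
    p = text.split()
    return datetime.strptime(" ".join(p[:4] + p[5:]), "%a %b %d %H:%M:%S %Y")

def _field(label, text):
    # Return the value of a "Label: value" line from the keytool output.
    m = re.search(rf"^{label}: (.+)$", text, re.M)
    if m is None:
        raise ValueError(f"no '{label}' line in keytool output")
    return m.group(1).strip()

def check_cert(keytool_text, expected_host, now):
    """Return the CN, validity length in days, and a list of findings."""
    owner, issuer = _field("Owner", keytool_text), _field("Issuer", keytool_text)
    start, end = _field("Valid from", keytool_text).split(" until: ")
    cn = re.search(r"(?:^|,\s*)CN=([^,]+)", owner).group(1).strip()
    not_before, not_after = _parse_date(start), _parse_date(end)
    findings = []
    if cn.lower() != expected_host.lower():
        # Java's HTTPS client verifies the certificate name against the
        # host in the URL, so a mismatch fails the TLS connection.
        findings.append(f"CN '{cn}' does not match host '{expected_host}'")
    if owner == issuer:
        findings.append("self-signed: every client JVM must import it as trusted")
    if not not_before <= now <= not_after:
        findings.append("outside validity window")
    return {"cn": cn, "valid_days": (not_after - not_before).days,
            "findings": findings}

if __name__ == "__main__":
    # 'now' is a constructed date inside the sample certificate's lifetime.
    for host in ("localhost", "techwangbin"):
        print(host, check_cert(KEYTOOL_OUTPUT, host, datetime(2007, 5, 1)))
```

For the certificate shown in step 1 this reports a 90-day lifetime and a CN of localhost, which does not match techwangbin. keytool's -validity option sets a longer lifetime at -genkey time.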