ANU completes successful upgrade to 2.6

I am very pleased to announce that The Australian National University has recently completed a major upgrade to Sakai (which we call Alliance), moving from Sakai 2.4 to Sakai 2.6.

We have also deployed several new tools including Profile2, Site Stats and the Wimba integration as well as a number of other new features that are coming in Sakai 2.7. We also heavily customised the portal and completely redeveloped the skin in line with the new ANU branding which is progressively being rolled out this year.

Alliance is the first major application at ANU to go live with the new styles and is a testament to the ability for us to customise the Sakai portal and styles as much as we required.

You can see the new skin here:

For any detailed information on our upgrade, toolset or modifications, please feel free to contact me directly.

A run-in with Tomcat SSL and Java keytool

I recently had the pleasure of setting up a Jasig CAS server on campus. The install went without a hitch. I initially brought it online with a self signed certificate, which was a no brainer as the Tomcat docs are great.

Once we got our SSL certificate though, I realised that the private key and keystore I had initially generated for the self signed certificate wasn’t used for the the Certificate Signing Request that the sysadmin’s had sent away to the Certificate Authority. So I had a private key for the SSL certificate but the one in the keystore was different. Problem 1. And it’s not possible to import a private key into a keystore using keytool because it doesn’t have this ability. Problem 2.

Thankfully, this is fixed in Java 6: keytool can now import a PKCS12 file into a keystore. But first you need to get your certificate and private key into that format. You can use OpenSSL for this:

openssl pkcs12 -inkey /path/to/private/key -in /path/to/certificate -export -out bundle.p12

Now we have a file called bundle.p12 which we will import into our keystore via keytool:

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /path/to/keystore -srckeystore /path/to/bundle.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias 1

The alias 1 is required to tell keytool to import the first certificate in the PKCS12 file.

Finally the Tomcat config:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS”
keystoreFile=”/path/to/keystore” keystorePass=”changeit” />