After digging around, I think I figured this out. I have to add a
crlDistributionPoints section to my OpenSSL configuration file and regenerate
my CA that I am using. Does that sound correct? Can anyone share any steps or
tutorials on how to do this -- other than the OpenSSL documentation itself?


________________________________
 From: Schawn E. Thropp <se_thr...@yahoo.com>
To: cas-user@lists.jasig.org 
Sent: Thursday, February 7, 2013 2:24 PM
Subject: Re: [cas-user] CAS support for CRL
 

Marvin,
Thanks, I am going to give this a try.  One, maybe simple question.  I see how 
this will set up CAS for CRL checking, but how does the CRL file containing all 
of the revoked certificates get used by this implementation?  I don't see that 
connection.
 
Thanks
Schawn-

From: Marvin Addison <marvin.addi...@gmail.com>
To: cas-user@lists.jasig.org 
Sent: Thursday, January 10, 2013 2:45 PM
Subject: Re: [cas-user] CAS support for CRL

> I have been checking around the CAS documentation, but I am not finding
> anything dealing with Certificate Revocation Lists.  Does CAS support the
> ability to utilize CRLs?

Yes. I developed support for CRL checking a while back, but have
neglected to document it. There's a lot to consider in terms of system
configuration that balances security and availability, but it's
straightforward to get started. The sample deployerConfigContext.xml
that ships with the X.509 provides an example:

https://github.com/Jasig/cas/blob/master/cas-server-support-x509/src/main/resources/deployerConfigContext.xml

Please review and let me know if you have questions. At present, the
components can only fetch CRL data over HTTP/HTTPS, but there is an
open issue to support CRL data stored in an LDAP directory,
https://issues.jasig.org/browse/CAS-985. Let me know if you need
support for LDAP.

M

-- 
You are currently subscribed to cas-user@lists.jasig.org as: se_thr...@yahoo.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
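
The crlDistributionPoints setting asked about at the top of this thread, as an added example (not part of any message here and not CAS or OpenSSL project code): a throwaway OpenSSL CA whose issued certificates carry a CRL URL, followed by revocation and an offline CRL check. The extension sits in the section the CA applies to certificates it issues; the directory layout, subject names and CDP_URL are constructed placeholders.

```bash
# Added example: throwaway CA in a scratch directory. Names and URL are constructed
# placeholders; CDP_URL must be the HTTP(S) location where the CRL is really published.
CDP_URL="http://pki.example.org/demo-ca.crl"
build_demo_pki() {   # $1 = empty scratch directory
  local d="$1"
  mkdir -p "$d/newcerts"; : > "$d/index.txt"; echo 1000 > "$d/serial"
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = $d/index.txt
new_certs_dir    = $d/newcerts
serial           = $d/serial
certificate      = $d/ca.crt
private_key      = $d/ca.key
default_md       = sha256
default_days     = 30
default_crl_days = 7
policy           = policy_any
x509_extensions  = usr_cert
[ policy_any ]
commonName = supplied
[ usr_cert ]
basicConstraints      = CA:FALSE
# Stamped into every certificate this CA issues from now on.
crlDistributionPoints = URI:$CDP_URL
EOF
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" &&
  openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=demo-user" -keyout "$d/user.key" -out "$d/user.csr" &&
  openssl ca -batch -notext -config "$d/ca.cnf" -in "$d/user.csr" -out "$d/user.crt"
}
cdp_of()      { openssl x509 -in "$1" -noout -text | grep -o 'URI:[^[:space:]]*'; }
publish_crl() { openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl"; }
revoke()      { openssl ca -config "$1/ca.cnf" -revoke "$1/user.crt" && publish_crl "$1"; }
crl_status() {   # offline stand-in for a relying party that has already fetched the CRL
  local out
  out=$(openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" -crl_check "$1/user.crt" 2>&1) || true
  case "$out" in *revoked*) echo revoked ;; *": OK"*) echo good ;; *) echo error ;; esac
}
```

Call `build_demo_pki` on an empty directory, then `publish_crl`, `revoke` and `crl_status` with the same directory; the file written to `ca.crl` is what would be served at CDP_URL and has to be regenerated before `default_crl_days` expires.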


