[jira] [Commented] (AMQ-6118) ActiveMQ SSL CRL Checking via OCSP
[ https://issues.apache.org/jira/browse/AMQ-6118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15263939#comment-15263939 ] Marko Jovanovic commented on AMQ-6118: -- Wow, thank you! Dejan you're the man. Could you introduce me into the Windows Distribution? I'm confused setting the ACTIVEMQ_SSL_OPTS. Where do I have to set all the configurations in Windows Distribution? Thanks for reply. much regards > ActiveMQ SSL CRL Checking via OCSP > -- > > Key: AMQ-6118 > URL: https://issues.apache.org/jira/browse/AMQ-6118 > Project: ActiveMQ > Issue Type: New Feature > Components: Broker >Affects Versions: 5.12.1 > Environment: Windows Server 2012R2 with ActiveMQ Windows Distribution >Reporter: Marko Jovanovic >Assignee: Dejan Bosanac > Fix For: 5.14.0 > > Attachments: jvm_args.png > > > For some unknown reason, the CRL Check via OCSP isn't working in Windows > ActiveMQ 5.12.1 > After reviewing the Linux distribution of Activemq there was a configuration > line found in the file bin/env. > The Config in Linux Distribution looked like: > # Set additional JSE arguments > #ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true > -Docsp.responderURL=http://ocsp.example.net:80; > Where to set it in Windows file distribution? > Tried to set it in activemq file but no success. I couldn't see any request > going to the responder URL which I configured. > Think there is a general Problem with the code concerning OCSP functionality. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (AMQ-6118) ActiveMQ SSL CRL Checking via OCSP
[ https://issues.apache.org/jira/browse/AMQ-6118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15158455#comment-15158455 ] Marko Jovanovic commented on AMQ-6118: -- Hey Christopher, thanks for your opinion. The post you linked in above, is from me. Could you tell me how to raise this request into "needs_review" section? Or how to create a feature request? I spent some time on an alternative idea with the static crl list. I could bring in an idea for adding the crl list loadup to the runtime configuration. So it's possible for the users to load it manually without broker restart. That's an alternative way to get client certificates managed. It would be very glad, when this feature would be reviewed in total. > ActiveMQ SSL CRL Checking via OCSP > -- > > Key: AMQ-6118 > URL: https://issues.apache.org/jira/browse/AMQ-6118 > Project: ActiveMQ > Issue Type: Bug > Components: Broker >Affects Versions: 5.12.1 > Environment: Windows Server 2012R2 with ActiveMQ Windows Distribution >Reporter: Marko Jovanovic > Attachments: jvm_args.png > > > For some unknown reason, the CRL Check via OCSP isn't working in Windows > ActiveMQ 5.12.1 > After reviewing the Linux distribution of Activemq there was a configuration > line found in the file bin/env. > The Config in Linux Distribution looked like: > # Set additional JSE arguments > #ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true > -Docsp.responderURL=http://ocsp.example.net:80; > Where to set it in Windows file distribution? > Tried to set it in activemq file but no success. I couldn't see any request > going to the responder URL which I configured. > Think there is a general Problem with the code concerning OCSP functionality. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (AMQ-6118) ActiveMQ SSL CRL Checking via OCSP
[ https://issues.apache.org/jira/browse/AMQ-6118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15119203#comment-15119203 ] Marko Jovanovic commented on AMQ-6118: -- Okay, I've set the OCSP command in the activemq.bat and started the broker via activemq-admin.bat. Now my JVM has this arguments stored. I'm able to see it through jconsole. My Client, which is revoked by the ocsp responder, connects successfully as before - without any log entry. Also I can't see any try to connect my ocsp responder via http port 80 in my Firewall logs. Any ideas how to get it work? What could it be? (And how does it work with linux?) I've attached a screenshot showing my jconsole output with the jvm arguments successfully applied. > ActiveMQ SSL CRL Checking via OCSP > -- > > Key: AMQ-6118 > URL: https://issues.apache.org/jira/browse/AMQ-6118 > Project: ActiveMQ > Issue Type: Bug > Components: Broker >Affects Versions: 5.12.1 > Environment: Windows Server 2012R2 with ActiveMQ Windows Distribution >Reporter: Marko Jovanovic > > For some unknown reason, the CRL Check via OCSP isn't working in Windows > ActiveMQ 5.12.1 > After reviewing the Linux distribution of Activemq there was a configuration > line found in the file bin/env. > The Config in Linux Distribution looked like: > # Set additional JSE arguments > #ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true > -Docsp.responderURL=http://ocsp.example.net:80; > Where to set it in Windows file distribution? > Tried to set it in activemq file but no success. I couldn't see any request > going to the responder URL which I configured. > Think there is a general Problem with the code concerning OCSP functionality. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (AMQ-6118) ActiveMQ SSL CRL Checking via OCSP
[ https://issues.apache.org/jira/browse/AMQ-6118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marko Jovanovic updated AMQ-6118: - Attachment: jvm_args.png > ActiveMQ SSL CRL Checking via OCSP > -- > > Key: AMQ-6118 > URL: https://issues.apache.org/jira/browse/AMQ-6118 > Project: ActiveMQ > Issue Type: Bug > Components: Broker >Affects Versions: 5.12.1 > Environment: Windows Server 2012R2 with ActiveMQ Windows Distribution >Reporter: Marko Jovanovic > Attachments: jvm_args.png > > > For some unknown reason, the CRL Check via OCSP isn't working in Windows > ActiveMQ 5.12.1 > After reviewing the Linux distribution of Activemq there was a configuration > line found in the file bin/env. > The Config in Linux Distribution looked like: > # Set additional JSE arguments > #ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true > -Docsp.responderURL=http://ocsp.example.net:80; > Where to set it in Windows file distribution? > Tried to set it in activemq file but no success. I couldn't see any request > going to the responder URL which I configured. > Think there is a general Problem with the code concerning OCSP functionality. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (AMQ-6118) ActiveMQ SSL CRL Checking via OCSP
[ https://issues.apache.org/jira/browse/AMQ-6118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15115136#comment-15115136 ] Marko Jovanovic commented on AMQ-6118: -- Thank you Christopher. Do you mean to set it like this in activemq.bat: set ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true -Docsp.responderURL=http://myOCSP-url; When I echo the ACTIVEMQ_SSL_OPTS, I get exactly my configured line. Could you please tell me when I have to execute the activemq.bat? Also I asked myself when does Activemq check the CRL via OCSP (when Client is connecting or earlier)? Sorry for that many questions but I got no luck on the mailinglists. many thanks in advance, Marko > ActiveMQ SSL CRL Checking via OCSP > -- > > Key: AMQ-6118 > URL: https://issues.apache.org/jira/browse/AMQ-6118 > Project: ActiveMQ > Issue Type: Bug > Components: Broker >Affects Versions: 5.12.1 > Environment: Windows Server 2012R2 with ActiveMQ Windows Distribution >Reporter: Marko Jovanovic > > For some unknown reason, the CRL Check via OCSP isn't working in Windows > ActiveMQ 5.12.1 > After reviewing the Linux distribution of Activemq there was a configuration > line found in the file bin/env. > The Config in Linux Distribution looked like: > # Set additional JSE arguments > #ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true > -Docsp.responderURL=http://ocsp.example.net:80; > Where to set it in Windows file distribution? > Tried to set it in activemq file but no success. I couldn't see any request > going to the responder URL which I configured. > Think there is a general Problem with the code concerning OCSP functionality. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
