Hi Mark Thomas,
Thanks for the pointer. However, that comment you posted there is 4 years old.
Any news on the matter since then at all? Has OCSP Stapling support for NIO
connectors since made it into Java 9?
Mark Boon
On 5/30/18, 12:46 AM, "Mark Thomas" wrote:
On 29/05/18 00:22, Mark Boon wrote:
> My company asked to enable OCSP stapling for our Tomcat server. I found
> the documentation about configuring a Tomcat OCSP Connector here:
>
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__tomcat.apache.org_tomcat-2D8.5-2Ddoc_ssl-2Dhowto.html-23Configuring-5FOCSP-5FConnector=DwIDaQ=uilaK90D4TOVoH58JNXRgQ=_kwXikaSZUUarF811P_o9Q=c9Hngb286HQ3waldNl7R5ScNf7kDJHlpVrzQqNdzrqA=Su_lL2hasSRZW0qqEbINeT1Cg6YL5lUjcf18mJXo0kA=
>
>
>
> However, if I’m not mistaken those are instructions for how to set up an
> OCSP responder. But I think in my case, the OCSP responder is the CA
> that issued the certificate. What I need is to instruct Tomcat so that
> it makes the call to the OCSP responder that is specified in the CA
> signed certificate and ‘staples’ the resulting ticket to the certificate
> before presenting it to the client.
>
>
>
> Does anyone know of a place with instructions how to do something like
> this? Or possibly I’m not quite understanding the process of OCSP
> stapling, in which case any pointers on what it means and how it works
> with Tomcat would be much appreciated.
https://urldefense.proofpoint.com/v2/url?u=https-3A__bz.apache.org_bugzilla_show-5Fbug.cgi-3Fid-3D56148=DwIDaQ=uilaK90D4TOVoH58JNXRgQ=_kwXikaSZUUarF811P_o9Q=c9Hngb286HQ3waldNl7R5ScNf7kDJHlpVrzQqNdzrqA=O87uG9CLTZkFihZww0qxd5jkZV6AaWhZ_KE5Kk2JKhU=
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org