On 01/05/2016 12:28 PM, Seshadri, Usha wrote:
Hi,
I am using Java 8, and am trying to configure JVM to go to CRL for
revocation checking.I didn’t see any parameter in java.security to
enable CRL revocation checking, although there are parameters to
configure OCSP.
I tried setting these two parameters as JVM options with -D, but doesn’t
seem to take any effect.
deployment.security.validation.crl= true
deployment.security.validation.crl.url=file:///root/xyz/crls/ àpoints to
the CRL directory
These properties are not general JDK system properties. They are
specifically used for revocation checking of certificates used when
running signed applets via Java Plugin or WebStart.
What configurable property controls the CRL revocation checking? Any
answer will be greatly appreciated!
It would be helpful to know what security APIs your application is
using, as the JVM itself doesn't perform revocation checking. For
example, if you are using JSSE, then setting the following system
properties may help address your issue:
com.sun.net.ssl.checkRevocation=true
com.sun.security.enableCRLDP=true
You can find more information and examples in the JSSE reference guide:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
Note that this list is not intended to be a general alias for questions
about Java Security, so this question is somewhat off topic. There are
various forums/websites that are probably more appropriate.
Thanks,
Sean
Thanks,
Usha Seshadri
Lockheed Martin, IS&GS
301-240-7496
LM-logo