Excuse me, everyone who has talked on this thread, I haven't followed
this thread closely, but... why aren't you using proven software for
that matter, like Apache HTTPD? It has years of SSL patches,
corrections and improvements; also, Tomcat is just too slow to serve
static content like images or large files. If you're concerned with
security, you should never think in the first place of beginning a new
development; security has to have a process of maturity before you can
decide something is *secure enough*.
Shapira, Yoav wrote:
Hi,
I'm afraid I can't help much with CRLs on Tomcat. I've never done that
before ;) I don't see much in the docs. I do see hits on Google, such
as
http://proj-grid-data-build.web.cern.ch/proj-grid-data-build/edg-java-security/edg-java-security-1.5.9/tomcat/Authentication_Admin_Guide.html,
suggesting a custom SSLSocketFactory is in order. Tomcat of course lets
you integrate whatever socket factory you want for your connector, and
the one in the above links allows for CRL configuration.
Yoav Shapira
Millennium Research Informatics
-----Original Message-----
From: ohaya [mailto:[EMAIL PROTECTED]
Sent: Friday, August 20, 2004 9:55 AM
To: Tomcat Users List
Subject: Re: New idea - Enable Tomcat for SSL?
Yoav,
The problem is that I can't find any info at all on how to configure it
to use a CRL.
FYI, after an all-nighter, I was just able to get the client and server
SSL part working with standalone Tomcat. Very cool :)! And, best of
all, I was able to confirm that with this, I can access the client
certificate info from my JSPs.
I'm just "so close" to what I need now, if I can just figure out how to
enable or incorporate the CRL checking, as from a security standpoint,
they won't let me deploy a PKI-enabled system if it doesn't support
CRLs.
Jim
"Shapira, Yoav" wrote:
Hi,
I don't know about CRL support -- why not just try it out?
Yoav Shapira
Millennium Research Informatics
-----Original Message-----
From: ohaya [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 7:51 PM
To: Tomcat Users List
Subject: Re: New idea - Enable Tomcat for SSL?
"Shapira, Yoav" wrote:
Hi,
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
And, of course,
http://jakarta.apache.org/tomcat/faq/connectors.html#integrate
which should have saved you considerable time and effort.
Yoav,
I had posted a number of messages about problems I was having, but in
any event, thanks for the links.
One other question: If I configure Tomcat (5.0.27) as a standalone
SSL-enabled (client and server) webserver+container, will the Tomcat SSL
handling support the use of certificate revocation lists (CRLs)?
I've been trying to research this, and so far have had no luck finding
anything on it, and, from the standpoint of security, support for CRLs
is going to be a must-have if I go this direction.
If you or anyone knows the answer to this question, please let me know.
Thanks again,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential,
proprietary and/or privileged. This e-mail is intended only for the
individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else. If you are not the(an)
intended
recipient, please immediately delete this e-mail from your computer
system
and notify the sender. Thank you.