Martin,

I have yet to try what you suggested, but if this is the case, I am grateful for your advice. I had already got our web application up and running on standalone Tomcat (5.5.12) when I ran into this issue. Realizing this, I was thinking that I would have to scrap my work and start over figuring out how to run our web app with Tomcat integrated with Apache HTTP server. That option seems more labor-intensive, as configuration of Tomcat was a breeze (even using SSL). Two questions (for anyone):

1) Is there any reason why running our web app under Tomcat is not as good as running it under Tomcat/Apache HTTP server integrated?

2) With the solution proposed below, is it possible to point to more than one CRL file? We have multiple from multiple agencies, and previously just imported them one at a time into SunOne.

Thanks again for your help.

-Kennedy


----- Original Message ----- From: "Martin Dubuc" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 3:11 PM
Subject: RE: Certificate Revocation Lists in Tomcat 5.5


CRL support is present in Tomcat 5.5.12.

I am not an expert on Tomcat CRL support but what I know is the following:

- You will need to recompile some of the tomcat-util.jar classes with JDK 1.5 because Tomcat 5.5.12 was compiled with JDK 1.4. The classes to be recompiled are: org.apache.tomcat.util.net.jsse.JSSE15Factory and org.apache.tomcat.util.net.jsse.JSSE15SocketFactory classes.
- The crlFile property needs to be added inside your SSL Connector in the server.xml file. The value is the location of the CRL file on your system.

Regards,

Martin

--- "Duan, Nick" <[EMAIL PROTECTED]> wrote:

Tomcat currently doesn't support cert validation against CRL. You may want to use Apache's mod_ssl to do the CRL checking. You will have to use mod_jk to connect Apache web server with Tomcat.

SSL is very computationally intensive. Using Apache's httpd to do the SSL work is more efficient than using Java-based Tomcat.

ND

-----Original Message-----
From: Kennedy Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 10:55 AM
To: users@tomcat.apache.org
Subject: Certificate Revocation Lists in Tomcat 5.5

Hi all,

We've recently migrated our (SSL enabled) web application from SunOne to Tomcat 5.5, and I can't find any information on handling Certificate Revocation Lists in Tomcat. In SunOne, there was a function in the administration console that let you import a CRL. Is there any equivalent in Tomcat, or perhaps some other command line equivalent?

Thanks for your help.

-Kennedy



---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]



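An added example, not taken from any message in this thread or from the Tomcat project, of the server.xml SSL Connector that Martin's message describes, with the crlFile property set. The port, file paths and passwords are placeholders, and the client-authentication and truststore attributes are assumptions about a typical client-certificate setup that the thread does not spell out.

```xml
<!-- Added example for conf/server.xml (Tomcat 5.5.12, after recompiling
     the JSSE15Factory and JSSE15SocketFactory classes with JDK 1.5 as
     described in the thread). All paths and passwords are placeholders.

     clientAuth="true"  : assumption; the server requests a client
                          certificate during the handshake, which is the
                          certificate the CRL is checked against.
     truststoreFile     : assumption; keystore holding the CA
                          certificates that issue the client certificates.
     crlFile            : the property named in the thread; its value is
                          the location of the CRL file on the system. -->
<Connector port="8443"
           scheme="https" secure="true"
           sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="/path/to/server.keystore"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/ca-truststore.jks"
           truststorePass="CHANGE_ME"
           crlFile="/path/to/agency.crl" />
```

A CRL has a next-update time, so the file at the crlFile location needs to be refreshed from the issuing agency on its publication schedule.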