After doing some research, I have found a few examples of {tomcat.home}/conf/server.xml files online that use the "crlFiles" param as part of a connector. Is this a standard parameter that can be used in the server.xml file? I ask because the sites where I have found these examples are not clear in whether this is some "added" functionality. The reason I don't try it out myself is because at this point I don't have a CRL which contains any of the certificates we use in our development environment.

To summarize:

1) Is the crlFiles param a standard <connector> element?

2) Has (does) anyone use this param, and are there any quirks to using it?

Thanks,

Kennedy


----- Original Message -----
From: "Martin Dubuc" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 3:11 PM
Subject: RE: Certificate Revocation Lists in Tomcat 5.5


CRL support is present in Tomcat 5.5.12.

I am not an expert on Tomcat CRL support but what I know is the following:

- You will need to recompile some of the tomcat-util.jar classes with JDK 1.5 because Tomcat 5.5.12 was compiled with JDK 1.4. The classes to be recompiled are: org.apache.tomcat.util.net.jsse.JSSE15Factory and org.apache.tomcat.util.net.jsse.JSSE15SocketFactory classes.
- The crlFile property needs to be added inside your SSL Connector in the server.xml file. The value is the location of the CRL file on your system.

Regards,

Martin

--- "Duan, Nick" <[EMAIL PROTECTED]> wrote:

Tomcat currently doesn't support cert validation against CRL. You may want to use Apache's mod_ssl to do the CRL checking. You will have to use mod_jk to connect Apache web server with tomcat.

SSL is very computationally intensive. Using Apache's httpd to do the SSL work is more efficient than using Java-based tomcat.

ND

-----Original Message-----
From: Kennedy Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 10:55 AM
To: users@tomcat.apache.org
Subject: Certificate Revocation Lists in Tomcat 5.5

Hi all,

We've recently migrated our (SSL enabled) web application from SunOne to Tomcat 5.5, and I can't find any information on handling Certificate Revocation Lists in Tomcat. In SunOne, there was a function in the administration console that let you import a CRL. Is there any equivalent in Tomcat, or perhaps some other command line equivalent?

Thanks for your help.

-Kennedy



---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
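
The top message in this thread notes that no CRL listing a development certificate was available, which makes the crlFile setting from Martin's reply hard to exercise. The script below is an added example, not part of the original thread: it uses the openssl CLI to build a throwaway CA, issue and revoke a client certificate, and write a CRL. The directory layout, subject names and the dev.crl filename are constructed for testing.

```shell
#!/usr/bin/env bash
# Added example: all names, subjects and paths here are constructed for testing.
set -eu

# Build a throwaway CA in $1, issue a client cert, revoke it, write dev.crl.
make_test_crl() {
  local dir="$1"
  mkdir -p "$dir/newcerts"
  : > "$dir/index.txt"               # CA database of issued/revoked certs
  echo 1000 > "$dir/serial"          # first certificate serial (hex)
  echo 1000 > "$dir/crlnumber"       # first CRL number (hex)
  cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  openssl req -config "$dir/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Dev Test CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=dev-client" -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  openssl ca -batch -config "$dir/ca.cnf" -in "$dir/client.csr" -out "$dir/client.crt" 2>/dev/null
  openssl ca -config "$dir/ca.cnf" -revoke "$dir/client.crt" 2>/dev/null
  openssl ca -config "$dir/ca.cnf" -gencrl -out "$dir/dev.crl" 2>/dev/null
}

# Succeeds (exit 0) only when verification fails because the cert is revoked.
is_revoked() {
  local out
  out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/dev.crl" "$1/client.crt" 2>&1 || true)
  case "$out" in *"certificate revoked"*) return 0 ;; *) return 1 ;; esac
}
```

Confirming with `is_revoked` that openssl itself rejects client.crt against dev.crl separates a bad test CRL from a connector that is not consulting the CRL file at all.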


