Hi,

On Mon, May 28, 2018 at 7:22 PM, Mark Boon <mb...@vmware.com> wrote:

> My company asked to enable OCSP stapling for our Tomcat server. I found
> the documentation about configuring a Tomcat OCSP Connector here:
>
> https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Configuring_OCSP_Connector
>
> However, if I’m not mistaken those are instructions for how to set up an
> OCSP responder. But I think in my case, the OCSP responder is the CA that
> issued the certificate. What I need is to instruct Tomcat so that it makes
> the call to the OCSP responder that is specified in the CA signed
> certificate and ‘staples’ the resulting ticket to the certificate before
> presenting it to the client.
>

You're correct. The configuration document does mention the OCSP responder,
but you really don't need to do anything special in Tomcat to enable OCSP.
If your connector has certificateVerification or clientAuth enabled, then
Tomcat will do the needful with the client certificate (including verifying it
with OCSP if the OCSP URL is present).


>
>
> Does anyone know of a place with instructions how to do something like
> this? Or possibly I’m not quite understanding the process of OCSP stapling,
> in which case any pointers on what it means and how it works with Tomcat
> would be much appreciated.
>
> *Mark Boon*
> *Staff Engineer*
> mb...@vmware.com
> 3401 Hillview Avenue, Palo Alto, CA 94304
> 650.123.4567 Office
> 808.234.4892 Mobile
>
>
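
An added example, not part of the original thread: one way to check from the client side whether a server staples an OCSP response in its TLS handshake is to read the status section that `openssl s_client -status` prints. The sample outputs below are constructed, and the host name in the commented live command is a placeholder.

```shell
#!/bin/sh
# Classify the OCSP section of `openssl s_client -status` output read on stdin.
# Prints one of: none | good | revoked | unknown | error
staple_status() {
    awk '
        /OCSP response: no response sent/ { seen = 1; result = "none" }
        /OCSP Response Status:/ {
            seen = 1
            # Any responder status other than "successful" is treated as an error.
            if ($0 !~ /successful/) result = "error"
        }
        /Cert Status:/ && result != "error" {
            if ($0 ~ /good/) result = "good"
            else if ($0 ~ /revoked/) result = "revoked"
            else result = "unknown"
        }
        END {
            # No status section at all, or a response without a Cert Status line.
            if (!seen || result == "") result = "error"
            print result
        }
    '
}

# Constructed sample: handshake that carried a stapled response.
SAMPLE_STAPLED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2030 GMT
    Next Update: Jan  8 00:00:00 2030 GMT'

# Constructed sample: handshake with no stapled response.
SAMPLE_NOT_STAPLED='CONNECTED(00000003)
OCSP response: no response sent
---'

printf '%s\n' "$SAMPLE_STAPLED"     | staple_status
printf '%s\n' "$SAMPLE_NOT_STAPLED" | staple_status

# Live use (HOST is a placeholder):
# HOST=tomcat.example.com
# openssl s_client -connect "$HOST:443" -servername "$HOST" -status \
#     </dev/null 2>/dev/null | staple_status
```
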
