Hi Mark Thomas, Thanks for the pointer. However, that comment you posted there is 4 years old. Any news on the matter since then at all? Has OCSP Stapling support for NIO connectors since made it into Java 9?
Mark Boon On 5/30/18, 12:46 AM, "Mark Thomas" <ma...@apache.org> wrote: On 29/05/18 00:22, Mark Boon wrote: > My company asked to enable OCSP stapling for our Tomcat server. I found > the documentation about configuring a Tomcat OCSP Connector here: > > https://urldefense.proofpoint.com/v2/url?u=https-3A__tomcat.apache.org_tomcat-2D8.5-2Ddoc_ssl-2Dhowto.html-23Configuring-5FOCSP-5FConnector&d=DwIDaQ&c=uilaK90D4TOVoH58JNXRgQ&r=_kwXikaSZUUarF811P_o9Q&m=c9Hngb286HQ3waldNl7R5ScNf7kDJHlpVrzQqNdzrqA&s=Su_lL2hasSRZW0qqEbINeT1Cg6YL5lUjcf18mJXo0kA&e= > > > > However, if I’m not mistaken those are instructions for how to set up an > OCSP responder. But I think in my case, the OCSP responder is the CA > that issued the certificate. What I need is to instruct Tomcat so that > it makes the call to the OCSP responder that is specified in the CA > signed certificate and ‘staples’ the resulting ticket to the certificate > before presenting it to the client. > > > > Does anyone know of a place with instructions how to do something like > this? Or possibly I’m not quite understanding the process of OCSP > stapling, in which case any pointers on what it means and how it works > with Tomcat would be much appreciated. https://urldefense.proofpoint.com/v2/url?u=https-3A__bz.apache.org_bugzilla_show-5Fbug.cgi-3Fid-3D56148&d=DwIDaQ&c=uilaK90D4TOVoH58JNXRgQ&r=_kwXikaSZUUarF811P_o9Q&m=c9Hngb286HQ3waldNl7R5ScNf7kDJHlpVrzQqNdzrqA&s=O87uG9CLTZkFihZww0qxd5jkZV6AaWhZ_KE5Kk2JKhU&e= Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org