Praveen Pat said:
The problem I have is how to update the CRL. If I do not update the CRL, Tomcat does not let any of my users in. It blocks all the users. To update the CRL, I have to stop Tomcat, and I am trying to avoid it.

Reply:

Call me naive, but if nobody can get in, what is wrong with restarting to correct the problem?

Now, on to the heart of the problem. AIUI, a CRL is something that is likely to be dynamic, not highly dynamic, but changes are expected. Most folks would probably like changes to be reflected as soon as possible, as you'd like the system to dishonor revoked certs as soon as they are known about.

So why doesn't Tomcat monitor the file for changes? Are there technical or policy reasons why it is not monitored? I'm sure there are some security gurus out there who could shed some light on this.