activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marko Jovanovic (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-6118) ActiveMQ SSL CRL Checking via OCSP
Date Tue, 23 Feb 2016 07:27:18 GMT

    [ https://issues.apache.org/jira/browse/AMQ-6118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15158455#comment-15158455
] 

Marko Jovanovic commented on AMQ-6118:
--------------------------------------

Hey Christopher,
thanks for your opinion. The post you linked in above, is from me. 
Could you tell me how to raise this request into "needs_review" section? Or how to create
a feature request?
I spent some time on an alternative idea with the static crl list. I could bring in an idea
for 
adding the crl list loadup to the runtime configuration. So it's possible for the users to
load it manually without broker restart.
That's an alternative way to get client certificates managed. 
It would be very glad, when this feature would be reviewed in total.



> ActiveMQ SSL CRL Checking via OCSP
> ----------------------------------
>
>                 Key: AMQ-6118
>                 URL: https://issues.apache.org/jira/browse/AMQ-6118
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.12.1
>         Environment: Windows Server 2012R2 with ActiveMQ Windows Distribution
>            Reporter: Marko Jovanovic
>         Attachments: jvm_args.png
>
>
> For some unknown reason, the CRL Check via OCSP isn't working in Windows ActiveMQ 5.12.1
> After reviewing the Linux distribution of Activemq there was a configuration line found
in the file bin/env.
> The Config in Linux Distribution looked like:
> # Set additional JSE arguments
> #ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true -Docsp.enable=true -Docsp.responderURL=http://ocsp.example.net:80"
> Where to set it in Windows file distribution? 
> Tried to set it in activemq file but no success. I couldn't see any request going to
the responder URL which I configured.
> Think there is a general Problem with the code concerning OCSP functionality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message