tomcat-dev mailing list archives

From Aristotelis <ar...@noc.uoa.gr>
Subject Re: OCSP implementation
Date Thu, 19 Feb 2009 08:08:03 GMT
sura wrote:
>
> I have developed a web application using jsf with two way SSL and runs
> in apache. Now I want to validate revocation status of client
> certificate using OCSP. How can I achieve this online validation
> process?
>
> I have designed the system as follows and I want to know whether this is
> a good approach or are there better ways to achieve this?
> 
> 
> When client presents his serial, web application (Client) will send it to
> Apache server where it will create a socket connection with OCSP 
> responder. Then Servlet inside Apache will create OCSPREq and send it to 
> the OCSP responder. Responder will process it and send result to the 
> Servlet and based on the result apache will send boolean value to the 
> client.
> 
> regards,
> Suranjith.

  Although I'm not 100% sure that I have understood what exactly you are
doing, you could have a look at this patch:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392

With this patch, if the certificates have an OCSP field, Tomcat connects
to the OCSP server and validates the certificate, so if there is an
error Tomcat just returns an error to the client, and no further
processing is carried out.

   Best regards,
    Aristotelis
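
The check discussed in this thread, as an added example that is not part of the original message and is not code from the Bugzilla patch or from Tomcat: it validates a client certificate chain and checks revocation over OCSP with the JDK's own PKIXRevocationChecker (Java 8 or later), rejecting the chain on any error. The class name, the command-line arguments and the leaf-first chain without its trust anchor are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;
import java.util.EnumSet;

public final class OcspClientCertCheck {

    // chain: leaf first, trust anchor excluded (assumption about the caller).
    public static void validate(X509Certificate[] chain, KeyStore trustStore) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        // The JDK checker takes the responder URL from each certificate's
        // Authority Information Access extension.
        PKIXRevocationChecker ocsp = (PKIXRevocationChecker) validator.getRevocationChecker();
        // NO_FALLBACK: OCSP only, no CRL fallback. SOFT_FAIL is left unset, so an
        // unreachable responder fails validation instead of being ignored.
        ocsp.setOptions(EnumSet.of(PKIXRevocationChecker.Option.NO_FALLBACK));

        PKIXParameters params = new PKIXParameters(trustStore);
        params.addCertPathChecker(ocsp);
        validator.validate(path, params); // throws CertPathValidatorException on any failure
    }

    // Usage: java OcspClientCertCheck <truststore> <password> <chain.pem>
    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new X509Certificate[0]);
        }
        try {
            validate(chain, trust);
            System.out.println("accepted: chain valid, no certificate revoked");
        } catch (CertPathValidatorException e) {
            // Reason is e.g. REVOKED or UNDETERMINED_REVOCATION_STATUS
            System.out.println("rejected: " + e.getReason() + " (" + e.getMessage() + ")");
        }
    }
}
```

Inside a servlet the same validate() call can be given the array stored in the request attribute javax.servlet.request.X509Certificate, so no separate socket handling or hand-built OCSP request is needed.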


