tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <Yoav.Shap...@mpi.com>
Subject RE: New idea - Enable Tomcat for SSL?
Date Fri, 20 Aug 2004 14:03:59 GMT

Hi,
I'm afraid I can't help much with CRLs on Tomcat.  I've never done that
before ;)  I don't see much in the docs.  I do see hits on Google, such
as
http://proj-grid-data-build.web.cern.ch/proj-grid-data-build/edg-java-se
curity/edg-java-security-1.5.9/tomcat/Authentication_Admin_Guide.html,
suggesting a custom SSLSocketFactory is in order.  Tomcat of course lets
you integrate whatever socket factory you want for your connector, and
the one in the above links allows for CRL configuration.

Yoav Shapira
Millennium Research Informatics


>-----Original Message-----
>From: ohaya [mailto:ohaya@cox.net]
>Sent: Friday, August 20, 2004 9:55 AM
>To: Tomcat Users List
>Subject: Re: New idea - Enable Tomcat for SSL?
>
>Yoav,
>
>The problem is that I can't find any info at all on how to configure it
>to use a CRL.
>
>FYI, after an all-nighter, I was just able to get the client and server
>SSL part working with standalone Tomcat.  Very cool :)!  And, best of
>all, I was able to confirm that with this, I can access the client
>certificate info from my JSPs.
>
>I'm just "so close" to what I need now, if I can just figure out how to
>enable or incorporate the CRL checking, as from a security standpoint,
>they won't let me deploy a PKI-enabled system if it doesn't support
>CRLs.
>
>Jim
>
>
>
>"Shapira, Yoav" wrote:
>>
>> Hi,
>> I don't know about CRL support -- why not just try it out?
>>
>> Yoav Shapira
>> Millennium Research Informatics
>>
>> >-----Original Message-----
>> >From: ohaya [mailto:ohaya@cox.net]
>> >Sent: Thursday, August 19, 2004 7:51 PM
>> >To: Tomcat Users List
>> >Subject: Re: New idea - Enable Tomcat for SSL?
>> >
>> >
>> >
>> >"Shapira, Yoav" wrote:
>> >>
>> >> Hi,
>> >> http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
>> >>
>> >> And, of course,
>> >> http://jakarta.apache.org/tomcat/faq/connectors.html#integrate
which
>> >> should have saved you considerable time and effort.
>> >>
>> >
>> >
>> >Yoav,
>> >
>> >I had posted a number of messages about problems I was having, but
in
>> >any event, thanks for the links.
>> >
>> >One other question:  If I configure Tomcat (5.0.27) as a standalone
>> >SSL-enabled (client and server) webserver+container, will the Tomcat
>> SSL
>> >handling support the use of certificate revocation lists (CRLs)?
>> >
>> >I've been trying to research this, and so far have had no luck
finding
>> >anything on it, and, from the standpoint of security, support for
CRLs
>> >is going to be a must-have if I go this direction.
>> >
>> >If you or anyone knows the answer to this question, please let me
know.
>> >
>> >Thanks again,
>> >Jim
>> >
>>
>---------------------------------------------------------------------
>> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>> This e-mail, including any attachments, is a confidential business
>communication, and may contain information that is confidential,
>proprietary and/or privileged.  This e-mail is intended only for the
>individual(s) to whom it is addressed, and may not be saved, copied,
>printed, disclosed or used by anyone else.  If you are not the(an)
intended
>recipient, please immediately delete this e-mail from your computer
system
>and notify the sender.  Thank you.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message