tomcat-users mailing list archives

From "Kennedy Roberts" <krobe...@syrres.com>
Subject Re: Certificate Revocation Lists in Tomcat 5.5
Date Tue, 29 Nov 2005 20:23:59 GMT
Martin,

    I have yet to try what you suggested, but if this is the case, I am 
grateful for your advice.  I had already got our web application up and 
running on standalone Tomcat (5.5.12) when I ran into this issue. 
Realizing this, I was thinking that I would have to scrap my work and start 
over figuring out how to run our web app with Tomcat integrated with Apache 
HTTP server.  That option seems more labor intensive, as configuration of 
Tomcat was a breeze (even using SSL).  Two questions (for anyone):

1) Is there any reason why running our web app under Tomcat is not as good 
as running it under Tomcat/Apache HTTP server integrated?

2) With the solution proposed below, is it possible to point to more than 
one CRL file?  We have multiple from multiple agencies, and previously just 
imported them one at a time into SunOne.

Thanks again for your help

-Kennedy


----- Original Message ----- 
From: "Martin Dubuc" <martind1111@yahoo.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 3:11 PM
Subject: RE: Certificate Revocation Lists in Tomcat 5.5


> CRL support is present in Tomcat 5.5.12.
>
> I am not an expert on Tomcat CRL support but what I
> know is the following:
>
> - You will need to recompile some of the
> tomcat-util.jar classes with JDK 1.5 because Tomcat
> 5.5.12 was compiled with JDK 1.4. The classes to be
> recompiled are:
> org.apache.tomcat.util.net.jsse.JSSE15Factory and
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> classes.
> - The crlFile property needs to be added inside your
> SSL Connector in the server.xml file. The value is the
> location of the CRL file on your system.
>
> Regards,
>
> Martin
>
> --- "Duan, Nick" <NDuan@mcdonaldbradley.com> wrote:
>
>> Tomcat currently doesn't support cert validation
>> against CRL.  You may
>> want to use Apache's mod_ssl to do the CRL checking.
>>  You will have to
>> use mod_jk to connect Apache web server with tomcat.
>>
>> SSL is very computationally intensive.  Using Apache's
>> httpd to do the SSL
>> work is more efficient than using Java-based
>> tomcat.
>>
>> ND
>>
>> -----Original Message-----
>> From: Kennedy Roberts [mailto:kroberts@syrres.com]
>> Sent: Tuesday, November 29, 2005 10:55 AM
>> To: users@tomcat.apache.org
>> Subject: Certificate Revocation Lists in Tomcat 5.5
>>
>> Hi all,
>>
>>     We've recently migrated our (SSL enabled) web
>> application from
>> SunOne to
>> Tomcat 5.5, and I can't find any information on
>> handling Certificate
>> Revocation Lists in Tomcat.  In SunOne, there was a
>> function in the
>> administration console that let you import a CRL.
>> Is there any
>> equivalent
>> in Tomcat, or perhaps some other command line
>> equivalent?
>>
>> Thanks for your help.
>>
>> -Kennedy
>>
>>
>>
> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail:
>> users-help@tomcat.apache.org
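
The crlFile setting Martin describes, shown as an added configuration example (it is not part of the original thread or taken from the Tomcat distribution). It assumes the connector requires client certificates through clientAuth, since the CRL is used when client certificates are validated; all paths and passwords are placeholders.

```xml
<!-- Added example for server.xml; paths and passwords are placeholders. -->

<!-- Without crlFile: any client certificate that chains to a CA in the
     trust store is accepted, including one its issuer has since revoked. -->
<Connector port="8443" maxThreads="150"
           scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="/path/to/server.keystore" keystorePass="changeit"
           truststoreFile="/path/to/trusted-cas.keystore" truststorePass="changeit" />

<!-- With crlFile: the same connector, now pointed at the CRL file so that
     client certificates listed in it are refused.
     Keep one of these two definitions, not both. -->
<Connector port="8443" maxThreads="150"
           scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="true"
           keystoreFile="/path/to/server.keystore" keystorePass="changeit"
           truststoreFile="/path/to/trusted-cas.keystore" truststorePass="changeit"
           crlFile="/path/to/issuing-ca.crl" />
```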