tomcat-users mailing list archives

From: "Kennedy Roberts" <krobe...@syrres.com>
Subject: Re: Certificate Revocation Lists in Tomcat 5.5
Date: Wed, 30 Nov 2005 19:31:21 GMT

After doing some research, I have found a few examples of 
{tomcat.home}/conf/server.xml files online that use the "crlFiles" param as 
part of a connector.  Is this a standard parameter that can be used in the 
server.xml file?  I ask because the sites where I have found these examples 
are not clear on whether this is some "added" functionality.  The reason I 
don't try it out myself is because at this point I don't have a CRL which 
contains any of the certificates we use in our development environment.

To summarize:

1)  Is the crlFiles param a standard <connector> element?

2) Has anyone used (or does anyone use) this param, and are there any quirks to using it?

Thanks,

Kennedy


----- Original Message ----- 
From: "Martin Dubuc" <martind1111@yahoo.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 3:11 PM
Subject: RE: Certificate Revocation Lists in Tomcat 5.5


> CRL support is present in Tomcat 5.5.12.
>
> I am not an expert on Tomcat CRL support but what I
> know is the following:
>
> - You will need to recompile some of the
> tomcat-util.jar classes with JDK 1.5 because Tomcat
> 5.5.12 was compiled with JDK 1.4. The classes to be
> recompiled are:
> org.apache.tomcat.util.net.jsse.JSSE15Factory and
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> classes.
> - The crlFile property needs to be added inside your
> SSL Connector in the server.xml file. The value is the
> location of the CRL file on your system.
>
> Regards,
>
> Martin
>
> --- "Duan, Nick" <NDuan@mcdonaldbradley.com> wrote:
>
>> Tomcat currently doesn't support cert validation against CRL.  You may
>> want to use Apache's mod_ssl to do the CRL checking.  You will have to
>> use mod_jk to connect Apache web server with tomcat.
>>
>> SSL is very computationally intensive.  Using Apache's httpd to do the SSL
>> work is more efficient than using Java-based Tomcat.
>>
>> ND
>>
>> -----Original Message-----
>> From: Kennedy Roberts [mailto:kroberts@syrres.com]
>> Sent: Tuesday, November 29, 2005 10:55 AM
>> To: users@tomcat.apache.org
>> Subject: Certificate Revocation Lists in Tomcat 5.5
>>
>> Hi all,
>>
>>     We've recently migrated our (SSL enabled) web application from SunOne to
>> Tomcat 5.5, and I can't find any information on handling Certificate
>> Revocation Lists in Tomcat.  In SunOne, there was a function in the
>> administration console that let you import a CRL.  Is there any equivalent
>> in Tomcat, or perhaps some other command line equivalent?
>>
>> Thanks for your help.
>>
>> -Kennedy
>>
>>
>>
> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail:
>> users-help@tomcat.apache.org




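The message above mentions having no CRL that lists any of the development certificates. The following is an added example, not part of the thread and not Tomcat or project code: a shell script that uses the openssl command line (assumed to be installed) to build a throwaway CA, issue two client certificates, revoke one, and write a PEM CRL for testing. All names and paths in it are constructed for the example.

```shell
# Added example with constructed names and paths: a throwaway CA, two client
# certificates (one revoked), and a PEM CRL for testing revocation checks.

issue() {  # issue <dir> <name>: key, CSR and CA-signed certificate
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl ca -batch -notext -config "$1/ca.cnf" \
        -in "$1/$2.csr" -out "$1/$2.pem" 2>/dev/null
}

make_test_crl() {  # make_test_crl <dir>: writes <dir>/dev.crl.pem
    d=$1
    mkdir -p "$d/newcerts" || return 1
    : > "$d/index.txt"; echo 01 > "$d/serial"
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/ca.pem
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
        -subj "/CN=Test Dev CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    issue "$d" revoked-client && issue "$d" good-client &&
    openssl ca -config "$d/ca.cnf" -revoke "$d/revoked-client.pem" 2>/dev/null &&
    openssl ca -config "$d/ca.cnf" -gencrl -out "$d/dev.crl.pem" 2>/dev/null
}

is_revoked() {  # is_revoked <dir> <name>: exit 0 if the CRL lists the cert
    out=$(openssl verify -crl_check -CAfile "$1/ca.pem" \
        -CRLfile "$1/dev.crl.pem" "$1/$2.pem" 2>&1) || true
    case $out in *"certificate revoked"*) return 0 ;; esac
    return 1
}
```

After `make_test_crl /tmp/crltest`, `/tmp/crltest/dev.crl.pem` is the CRL and `ca.pem` is the issuer certificate for a test trust store. `is_revoked` checks a certificate against that CRL with `openssl verify`, independently of Tomcat.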