tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Dubuc <martind1...@yahoo.com>
Subject RE: Certificate Revocation Lists in Tomcat 5.5
Date Tue, 29 Nov 2005 20:11:26 GMT
CRL support is present in Tomcat 5.5.12.

I am not an expert on Tomcat CRL support but what I
know is the following:

- You will need to recompile some of the
tomcat-util.jar classes with JDK 1.5 because Tomcat
5.5.12 was compiled with JDK 1.4. The classes to be
recompiled are:
org.apache.tomcat.util.net.jsse.JSSE15Factory and
org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
classes.
- The crlFile property needs to be added inside your
SSL Connector in the server.xml file. The value is the
location of the CRL file on your system.

Regards,

Martin

--- "Duan, Nick" <NDuan@mcdonaldbradley.com> wrote:

> Tomcat currently doesn't support cert validation
> against CRL.  You may
> want to use Apache's mod_ssl to do the CRL checking.
>  You will have to
> use mod_jk to connect Apache web server with tomcat.
> 
> SSL is very computational intensive.  Use Apache's
> httpd to do the SSL
> work is more efficient than to use Java-based
> tomcat.
> 
> ND
> 
> -----Original Message-----
> From: Kennedy Roberts [mailto:kroberts@syrres.com] 
> Sent: Tuesday, November 29, 2005 10:55 AM
> To: users@tomcat.apache.org
> Subject: Certificate Revocation Lists in Tomcat 5.5
> 
> Hi all,
> 
>     We've recently migrated our (SSL enabled) web
> application from
> SunOne to 
> Tomcat 5.5, and I can't find any information on
> handling Certificate 
> Revocation Lists in Tomcat.  In SunOne, there was a
> function in the 
> administration console that let you import a CRL. 
> Is there any
> equivalent 
> in Tomcat, or perhaps some other command line
> equivalent?
> 
> Thanks for your help.
> 
> -Kennedy 
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail:
> users-help@tomcat.apache.org
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail:
> users-help@tomcat.apache.org
> 
> 



	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message