tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Dubuc <martind1...@yahoo.com>
Subject Re: Certificate Revocation Lists in Tomcat 5.5
Date Wed, 30 Nov 2005 19:45:54 GMT
1) crlFile is a standard parameter for Connector since
Tomcat 5.5.10 if my recollection is right.

2) There are no quirks in using it.

Martin

--- Kennedy Roberts <kroberts@syrres.com> wrote:

> After doing some research, I have found a few
> examples of 
> {tomcat.home}/conf/server.xml files online that use
> the "crlFiles" param as 
> part of a connector.  Is this a standard parameter
> that can be used in the 
> server.xml file?  I ask because the sites where I
> have found these examples 
> are not clear in whether this is some "added"
> functionality.  The reason I 
> don't try it out myself is because at this point I
> don't have a CRL which 
> contains any of the certificates we use in our
> development environment.
> 
> To summarize:
> 
> 1)  Is the crlFiles param a standard <connector>
> element?
> 
> 2) Has (does) anyone use this param, and are there
> any quirks to using it.
> 
> Thanks,
> 
> Kennedy
> 
> 
> ----- Original Message ----- 
> From: "Martin Dubuc" <martind1111@yahoo.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Tuesday, November 29, 2005 3:11 PM
> Subject: RE: Certificate Revocation Lists in Tomcat
> 5.5
> 
> 
> > CRL support is present in Tomcat 5.5.12.
> >
> > I am not an expert on Tomcat CRL support but what
> I
> > know is the following:
> >
> > - You will need to recompile some of the
> > tomcat-util.jar classes with JDK 1.5 because
> Tomcat
> > 5.5.12 was compiled with JDK 1.4. The classes to
> be
> > recompiled are:
> > org.apache.tomcat.util.net.jsse.JSSE15Factory and
> >
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> > classes.
> > - The crlFile property needs to be added inside
> your
> > SSL Connector in the server.xml file. The value is
> the
> > location of the CRL file on your system.
> >
> > Regards,
> >
> > Martin
> >
> > --- "Duan, Nick" <NDuan@mcdonaldbradley.com>
> wrote:
> >
> >> Tomcat currently doesn't support cert validation
> >> against CRL.  You may
> >> want to use Apache's mod_ssl to do the CRL
> checking.
> >>  You will have to
> >> use mod_jk to connect Apache web server with
> tomcat.
> >>
> >> SSL is very computational intensive.  Use
> Apache's
> >> httpd to do the SSL
> >> work is more efficient than to use Java-based
> >> tomcat.
> >>
> >> ND
> >>
> >> -----Original Message-----
> >> From: Kennedy Roberts
> [mailto:kroberts@syrres.com]
> >> Sent: Tuesday, November 29, 2005 10:55 AM
> >> To: users@tomcat.apache.org
> >> Subject: Certificate Revocation Lists in Tomcat
> 5.5
> >>
> >> Hi all,
> >>
> >>     We've recently migrated our (SSL enabled) web
> >> application from
> >> SunOne to
> >> Tomcat 5.5, and I can't find any information on
> >> handling Certificate
> >> Revocation Lists in Tomcat.  In SunOne, there was
> a
> >> function in the
> >> administration console that let you import a CRL.
> >> Is there any
> >> equivalent
> >> in Tomcat, or perhaps some other command line
> >> equivalent?
> >>
> >> Thanks for your help.
> >>
> >> -Kennedy
> >>
> >>
> >>
> >
>
---------------------------------------------------------------------
> >> To unsubscribe, e-mail:
> >> users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail:
> >> users-help@tomcat.apache.org
> >>
> >>
> >>
> >
>
---------------------------------------------------------------------
> >> To unsubscribe, e-mail:
> >> users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail:
> >> users-help@tomcat.apache.org
> >>
> >>
> >
> >
> >
> >
> >
> > __________________________________
> > Yahoo! Mail - PC Magazine Editors' Choice 2005
> > http://mail.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail:
> users-help@tomcat.apache.org
> > 
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail:
> users-help@tomcat.apache.org
> 
> 



	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message