Date: Wed, 30 Nov 2005 11:45:54 -0800 (PST)
From: Martin Dubuc
Subject: Re: Certificate Revocation Lists in Tomcat 5.5
To: Tomcat Users List

1) crlFile is a standard parameter for Connector since Tomcat 5.5.10 if my recollection is right.

2) There are no quirks in using it.

Martin

--- Kennedy Roberts wrote:

> After doing some research, I have found a few examples of
> {tomcat.home}/conf/server.xml files online that use the "crlFiles" param as
> part of a connector. Is this a standard parameter that can be used in the
> server.xml file? I ask because the sites where I have found these examples
> are not clear in whether this is some "added" functionality. The reason I
> don't try it out myself is because at this point I don't have a CRL which
> contains any of the certificates we use in our development environment.
>
> To summarize:
>
> 1) Is the crlFiles param a standard element?
>
> 2) Has (does) anyone use this param, and are there any quirks to using it.
>
> Thanks,
>
> Kennedy
>
> ----- Original Message -----
> From: "Martin Dubuc"
> To: "Tomcat Users List"
> Sent: Tuesday, November 29, 2005 3:11 PM
> Subject: RE: Certificate Revocation Lists in Tomcat 5.5
>
> > CRL support is present in Tomcat 5.5.12.
> >
> > I am not an expert on Tomcat CRL support but what I know is the following:
> >
> > - You will need to recompile some of the tomcat-util.jar classes with JDK 1.5
> >   because Tomcat 5.5.12 was compiled with JDK 1.4. The classes to be
> >   recompiled are: org.apache.tomcat.util.net.jsse.JSSE15Factory and
> >   org.apache.tomcat.util.net.jsse.JSSE15SocketFactory classes.
> > - The crlFile property needs to be added inside your SSL Connector in the
> >   server.xml file. The value is the location of the CRL file on your system.
> >
> > Regards,
> >
> > Martin
> >
> > --- "Duan, Nick" wrote:
> >
> >> Tomcat currently doesn't support cert validation against CRL. You may
> >> want to use Apache's mod_ssl to do the CRL checking. You will have to
> >> use mod_jk to connect Apache web server with tomcat.
> >>
> >> SSL is very computationally intensive. Using Apache's httpd to do the SSL
> >> work is more efficient than using Java-based tomcat.
> >>
> >> ND
> >>
> >> -----Original Message-----
> >> From: Kennedy Roberts [mailto:kroberts@syrres.com]
> >> Sent: Tuesday, November 29, 2005 10:55 AM
> >> To: users@tomcat.apache.org
> >> Subject: Certificate Revocation Lists in Tomcat 5.5
> >>
> >> Hi all,
> >>
> >> We've recently migrated our (SSL enabled) web application from SunOne to
> >> Tomcat 5.5, and I can't find any information on handling Certificate
> >> Revocation Lists in Tomcat. In SunOne, there was a function in the
> >> administration console that let you import a CRL. Is there any equivalent
> >> in Tomcat, or perhaps some other command line equivalent?
> >>
> >> Thanks for your help.
> >>
> >> -Kennedy
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
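
Added example, not part of the original thread and not Tomcat code: the question above mentions having no CRL that lists a development certificate, so this script uses the openssl CLI to build a throwaway CA, issue two client certificates, revoke one, and confirm that CRL checking rejects only that one. The directory layout, file names and CNs are constructed; using ca.pem as the trust anchor and pointing the Connector's crlFile at the resulting ca.crl is the assumed next step.

```shell
#!/bin/sh
# Added example (constructed names and paths): a throwaway CA, two client
# certificates, and a PEM CRL that revokes only the first of them.
make_test_crl() {
    d=$1   # work directory; assumed to be an absolute path without spaces
    mkdir -p "$d/certs" && : > "$d/index.txt" || return 1
    echo 01 > "$d/serial"; echo 01 > "$d/crlnumber"
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $d/index.txt
new_certs_dir = $d/certs
serial = $d/serial
crlnumber = $d/crlnumber
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any_cn
[ any_cn ]
commonName = supplied
EOF
    req="openssl req -newkey rsa:2048 -nodes -config $d/ca.cnf"
    ca="openssl ca -batch -config $d/ca.cnf -cert $d/ca.pem -keyfile $d/ca.key"
    $req -x509 -days 30 -subj "/CN=Test CA" -keyout "$d/ca.key" -out "$d/ca.pem" || return 1
    for cn in revoked-client good-client; do
        $req -subj "/CN=$cn" -keyout "$d/$cn.key" -out "$d/$cn.csr" &&
            $ca -in "$d/$cn.csr" -out "$d/$cn.pem" || return 1
    done
    $ca -revoke "$d/revoked-client.pem" && $ca -gencrl -out "$d/ca.crl"
}

# Succeeds only when chain validation with CRL checking reports CERT as revoked.
is_revoked() {   # usage: is_revoked CA_CERT CRL CERT
    openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1 |
        grep -q "certificate revoked"
}

work=$(mktemp -d)
make_test_crl "$work" && is_revoked "$work/ca.pem" "$work/ca.crl" \
    "$work/revoked-client.pem" && echo "test CRL ready: $work/ca.crl"
```

The CRL written here is valid for 7 days (default_crl_days), so regenerate it with the final `-gencrl` step before reusing the test setup later.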