tomcat-users mailing list archives

From "Kennedy Roberts" <krobe...@syrres.com>
Subject Re: Certificate Revocation Lists in Tomcat 5.5
Date Thu, 01 Dec 2005 19:18:27 GMT

Ok, hopefully I am getting close:

I have recompiled the tomcat-util.jar using the 1.5 JDK.  I have looked at 
the contents of the jar and it does now include the JSSE15Factory and 
JSSE15SocketFactory classes.  The version of the tomcat-util.jar that came 
with Tomcat 5.5.12 did not even have these files in it.  So, I take that to 
mean that the recompilation was a success.

I placed this jar in the {tomcat.home}/server/lib directory and restarted 
Tomcat AND my webapp.  I've also added the following to my 
{tomcat.home}/conf/server.xml file:

crlFiles="C:\crl.txt"

This crl.txt is a CRL which I have confirmed (using OpenSSL) contains one of 
my user certificates.

...and it's still not working.  I put a System.out.println() statement in 
the JSSE15SocketFactory to see if it is getting called, but I'm not seeing 
this statement in the log, as if this class isn't getting called.

Any ideas?  I think I'm close to getting this working, and looking through 
the archives, a definitive solution to this problem would help a bunch of 
people out!

Thanks,

Kennedy


----- Original Message ----- 
From: "Martin Dubuc" <martind1111@yahoo.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 3:11 PM
Subject: RE: Certificate Revocation Lists in Tomcat 5.5


> CRL support is present in Tomcat 5.5.12.
>
> I am not an expert on Tomcat CRL support but what I
> know is the following:
>
> - You will need to recompile some of the
> tomcat-util.jar classes with JDK 1.5 because Tomcat
> 5.5.12 was compiled with JDK 1.4. The classes to be
> recompiled are:
> org.apache.tomcat.util.net.jsse.JSSE15Factory and
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> classes.
> - The crlFile property needs to be added inside your
> SSL Connector in the server.xml file. The value is the
> location of the CRL file on your system.
>
> Regards,
>
> Martin
>
> --- "Duan, Nick" <NDuan@mcdonaldbradley.com> wrote:
>
>> Tomcat currently doesn't support cert validation against CRL.  You may
>> want to use Apache's mod_ssl to do the CRL checking.  You will have to
>> use mod_jk to connect Apache web server with tomcat.
>>
>> SSL is very computationally intensive.  Using Apache's httpd to do the SSL
>> work is more efficient than using Java-based tomcat.
>>
>> ND
>>
>> -----Original Message-----
>> From: Kennedy Roberts [mailto:kroberts@syrres.com]
>> Sent: Tuesday, November 29, 2005 10:55 AM
>> To: users@tomcat.apache.org
>> Subject: Certificate Revocation Lists in Tomcat 5.5
>>
>> Hi all,
>>
>>     We've recently migrated our (SSL enabled) web application from SunOne to
>> Tomcat 5.5, and I can't find any information on handling Certificate
>> Revocation Lists in Tomcat.  In SunOne, there was a function in the
>> administration console that let you import a CRL.  Is there any equivalent
>> in Tomcat, or perhaps some other command line equivalent?
>>
>> Thanks for your help.
>>
>> -Kennedy
>>
>>
>>
> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail:
>> users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
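
A stand-alone check of the CRL file outside Tomcat, added here as an example and not part of the original thread or of Tomcat's code: it parses the file with the JDK's own `CertificateFactory` and reports whether a given client certificate is listed. The class name `CrlCheck` and both file paths are assumptions supplied by the reader; the CRL's signature is not verified.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
// Added diagnostic (hypothetical class name), not Tomcat code. It checks a client
// certificate against a CRL file with the JDK only; it does NOT verify the CRL signature.
// Usage: java CrlCheck <crl-file> <client-cert-file>   (PEM or DER, paths are yours)
public class CrlCheck {

    /** Returns true if a CRL issued by the certificate's CA lists the certificate. */
    static boolean isRevoked(Collection<? extends CRL> crls, X509Certificate cert) {
        boolean revoked = false;
        for (CRL c : crls) {
            X509CRL crl = (X509CRL) c; // the X.509 factory only yields X509CRL objects
            System.out.println("CRL issuer: " + crl.getIssuerX500Principal());
            if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
                System.out.println("  skipped: issued by a different CA than the certificate");
                continue;
            }
            if (crl.getNextUpdate() != null && crl.getNextUpdate().before(new Date())) {
                System.out.println("  warning: nextUpdate " + crl.getNextUpdate() + " has passed");
            }
            X509CRLEntry entry = crl.getRevokedCertificate(cert);
            if (entry != null) {
                System.out.println("  serial " + cert.getSerialNumber().toString(16)
                        + " revoked on " + entry.getRevocationDate());
                revoked = true;
            }
        }
        return revoked;
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CrlCheck <crl-file> <cert-file>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream crlIn = new FileInputStream(args[0]);
             InputStream certIn = new FileInputStream(args[1])) {
            Collection<? extends CRL> crls = cf.generateCRLs(crlIn);
            X509Certificate cert = (X509Certificate) cf.generateCertificate(certIn);
            System.out.println(isRevoked(crls, cert) ? "REVOKED" : "not revoked by this CRL file");
        }
    }
}
```

If this reports the certificate as revoked while the connector still accepts it, the CRL file itself is readable by Java and the remaining question is whether the connector is loading it.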

