tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: CRL on Tomcat Tomcat/5.5.15
Date Sat, 04 Feb 2006 04:27:43 GMT

"Dobson Paul L Contr 84 MSUG/GBMLBR" <> wrote in 
>I have just downloaded and installed tomcat 5.5.15 and configured SSL and
> Client Authentication.  I have about a dozen different CRL lists I need to
> authenticate against.  I have read little bits and pieces about CRL list
> support from different postings here and there like having to recompile 
> with
> java 5, using crlfile or crlfiles properties, etc.  Is there anywhere that 
> I
> can get good quality thorough documentation or a good tutorial on how to
> achieve CRL support on tomcat?

Yes, you can write it up, and submit it.  Patches are always welcome ;-).

Yes, since there isn't yet a Java 5 binary distro, you need to grab the 
source distro, and at a minumum compile*.java.  If you've already got the 
binary distro, than it's probably easier to just rebuild all of 
  1) Goto connectors/util, and create a file with your 
favorite editor with:

  2) Run `ant jar`
  3) Copy the resulting tomcat-util.jar to $CATALINA_HOME/server/lib

Currently, only one CRL file is supported (with the attribute 'crlFile'). 
It wouldn't be too hard to hack JSSE15SocketFactory to support multiple CRL 
files.  If you want to do it and submit it back, I'd take a look at it. 
Otherwise, you'll have to combine yours.

The file format for crlFile is simply that documented for  Other than that, it 
should just work :).

> I apologize if this has been answered already.  The firewall at work
> prevents me from searching the archives.
> Thanks in advance for you help.
> --Paul

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message