tomcat-users mailing list archives

From "Jeffrey Janner" <Jeffrey.Jan...@PolyDyne.com>
Subject RE: Updating CRL in Tomcat 6 without taking it down
Date Fri, 05 Feb 2010 15:33:26 GMT


Praveen Pat said:

The problem I have is how to update the CRL.
If I do not update the CRL, Tomcat does not let any of my users in. It
blocks all the users.
To update the CRL, I have to stop the Tomcat, and I am trying to avoid
it.

Reply:

Call me naive, but if nobody can get in, what is wrong with restarting
to correct the problem?

Now, on to the heart of the problem.
AIUI, a CRL is something that is likely to be dynamic, not highly
dynamic, but changes are expected.
Most folks would probably like changes to be reflected as soon as
possible, as you'd like the system to dishonor revoked certs as soon as
they are known about.
So why doesn't Tomcat monitor the file for changes?  Are there technical
or policy reasons why it is not monitored?
I'm sure there are some security gurus out there who could shed some
light on this.
