tomcat-users mailing list archives

From Michael Magnuson <mmagnu...@sempervalens.com>
Subject OCSP Connector on Tomcat 8.5 not working
Date Wed, 19 Jun 2019 22:46:01 GMT
Hi,

I'm running Tomcat 8.5 on RHEL 7.6.  I'm successfully using client certificate validation
from the smart card, but I would like to add client-cert OCSP revocation checking.  I *think*
I've set up the connector correctly in the server.xml file, but although the server starts
and operates fine with no errors in the logs, it is not sending any sort of OCSP traffic.
The user certs do have the responder URL in the AIA field.
I'm fairly new to this, so I ask some of you more knowledgeable folks to please review my
connector configuration and point out if something is wrong, or missing, or if there's a setting
some place else that I need to turn on.
My connector configuration is as follows:

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
            maxThreads="150" SSLEnabled="true"
            scheme="https"
            SSLCertificateFile="path_to_server.crt"
            SSLCertificateKeyFile="path_to_server.key" SSLPassword="password"
            SSLCertificateChainFile="path_to_chain" SSLProtocol="TLSv1.1+TLSv1.2"
            clientAuth="want" trustStoreFile="path_to_truststore" trustStorePass="password"
            caCertificateFile="path_to_ca_file"
            certificateVerification="require"
            certificateVerificationDepth="10" >
     <Certificate
            certificateFile="path_to_OCSP_signing_cert"
            certificateKeyFile="path_to_OCSP_public_key" />
 </Connector>
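Before looking at the connector itself, it helps to confirm the two inputs that any OCSP-checking peer needs from the client certificate: the responder URL in the AIA extension, and the issuer certificate used to build the CertID in the request. The script below is an added, self-contained example written for this thread, not code from the original post or from Tomcat. It builds a throw-away CA and client certificate with the `cryptography` package (the responder URL `http://ocsp.example.test/` is a placeholder), reads the OCSP URL back out of the AIA field, and DER-encodes the OCSP request a verifier would POST to that URL. If the URL comes out empty for a real user certificate, the server has nothing to query, which would explain the absence of OCSP traffic regardless of the connector settings.

```python
"""
Constructed demo: a throw-away CA and client certificate whose AIA extension
carries an OCSP responder URL, plus the two steps a revocation-checking peer
performs before any OCSP traffic is sent: read the responder URL from the
AIA field and build the DER-encoded OCSP request for that certificate.
Requires the `cryptography` package; the responder URL is a placeholder.
"""
import datetime
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509 import ocsp
from cryptography.x509.oid import AuthorityInformationAccessOID, NameOID

OCSP_URL = "http://ocsp.example.test/"  # placeholder, not a real responder


def _make_cert_pair():
    """Generate a demo CA and a client cert whose AIA points at OCSP_URL."""
    now = datetime.datetime.now(datetime.timezone.utc)
    ca_key = rsa.generate_private_key(65537, 2048, default_backend())
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Demo CA")])
    ca_cert = (
        x509.CertificateBuilder()
        .subject_name(ca_name).issuer_name(ca_name)
        .public_key(ca_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256(), default_backend())
    )
    user_key = rsa.generate_private_key(65537, 2048, default_backend())
    user_cert = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Demo User")]))
        .issuer_name(ca_name)
        .public_key(user_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
        # The AIA extension is where a verifier finds the OCSP responder.
        .add_extension(
            x509.AuthorityInformationAccess([
                x509.AccessDescription(
                    AuthorityInformationAccessOID.OCSP,
                    x509.UniformResourceIdentifier(OCSP_URL),
                )
            ]),
            critical=False,
        )
        .sign(ca_key, hashes.SHA256(), default_backend())
    )
    return ca_cert, user_cert


def ocsp_responder_urls(cert):
    """Return the OCSP responder URLs from the cert's AIA extension ([] if none)."""
    try:
        aia = cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess).value
    except x509.ExtensionNotFound:
        return []
    return [
        d.access_location.value
        for d in aia
        if d.access_method == AuthorityInformationAccessOID.OCSP
        and isinstance(d.access_location, x509.UniformResourceIdentifier)
    ]


def build_ocsp_request(cert, issuer):
    """DER-encode the OCSP request a verifier sends for `cert`.

    The CertID inside the request is computed from the issuer's name and key,
    which is why the verifier needs the CA certificate, not just the leaf.
    """
    req = ocsp.OCSPRequestBuilder().add_certificate(cert, issuer, hashes.SHA1()).build()
    return req.public_bytes(serialization.Encoding.DER)


def demo():
    """Run the whole flow and report what a verifier would have learned."""
    ca_cert, user_cert = _make_cert_pair()
    der = build_ocsp_request(user_cert, ca_cert)
    parsed = ocsp.load_der_ocsp_request(der)  # round-trip to check the CertID
    return {
        "responder_urls": ocsp_responder_urls(user_cert),
        "ca_has_no_ocsp_url": ocsp_responder_urls(ca_cert) == [],
        "request_serial_matches": parsed.serial_number == user_cert.serial_number,
        "request_der_len": len(der),
    }


if __name__ == "__main__":
    print(demo())
```

To apply this to a real deployment, load the user's certificate with `x509.load_pem_x509_certificate` and the CA file from `caCertificateFile` in place of the generated pair; the responder URL returned is the host that should appear in a packet capture on the Tomcat box once revocation checking is actually active.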


