tomcat-users mailing list archives

From Michael Magnuson <mmagnu...@sempervalens.com>
Subject Re: OCSP Connector on Tomcat 8.5 not working
Date Thu, 20 Jun 2019 15:19:30 GMT
Mark,

Tomcat version 8.5.41 and TCNative version 1.2.21.


Mike Magnuson | Semper Valens Solutions, Inc.

DCGS-A Fixed Systems Engineer

Phone: (520) 263-0759

Email: mmagnuson@sempervalens.com

http://www.sempervalens.com/

ISO 9001:2015 | CMMI DEV /3

________________________________
From: Mark Thomas <markt@apache.org>
Sent: Thursday, June 20, 2019 3:33 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working

Tomcat version?

Tomcat Native version?

Mark


On 19/06/2019 23:46, Michael Magnuson wrote:
> Hi,
>
> I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully using client certificate validation from the smart card, but I would like to add client-cert OCSP revocation checking. I *think* I've set up the connector correctly in the server.xml file, but although the server starts and operates fine with no errors in the logs, it is not sending any sort of OCSP traffic. The user certs do have the responder URL in the AIA field.
> I'm fairly new to this, so I ask some of you more knowledgeable folks to please review my connector configuration and point out if something is wrong, or missing, or if there's a setting some place else that I need to turn on.
> My connector configuration is as follows:
>
>  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>                 maxThreads="150" SSLEnabled="true"
>                 scheme="https" SSLEnabled="true"
>                 SSLCertificateFile="path_to_server.crt"
>                 SSLCertificateKeyFile="path_to_server.key" SSLPassword="password"
>                 SSLCertificateChainFile="path_to_chain" SSLProtocol="TLSv1.1+TLSv1.2"
>                 clientAuth="want" trustStoreFile="path_to_truststore" trustStorePass="password"
>                 caCertificateFile="path_to_ca_file"
>                 certificateVerification="require"
>                 certificateVerificationDepth="10" >
>       <Certificate
>                 certificateFile="path_to_OCSP_signing_cert"
>                 certificateKeyFile="path_to_OCSP_public_key" />
> </Connector>
>
>
>

