That's indeed good news.  I'd really like to know the result and
appreciate any details. 

Tomcat 5.5 is supposed to run on JDK 1.5.  Why was it compiled with JDK
1.4?

ND

-----Original Message-----
From: Kennedy Roberts [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 29, 2005 3:24 PM
To: Tomcat Users List
Subject: Re: Certificate Revocation Lists in Tomcat 5.5

Martin,

    I have yet to try what you suggested, but if this is the case, I am
grateful for your advice.  I had already got our web application up and
running on standalone Tomcat (5.5.12) when I ran into this issue.
Realizing this, I was thinking that I would have to scrap my work and
start over figuring out how to run our web app with Tomcat integrated
with Apache HTTP server.  That option seems more labor intensive, as
configuration of Tomcat was a breeze (even using SSL).  Two questions
(for anyone):

1) Is there any reason why running our web app under Tomcat is not as
good as running it under Tomcat/Apache HTTP server integrated?

2) With the solution proposed below, is it possible to point to more
than one CRL file?  We have multiple from multiple agencies, and
previously just imported them one at a time into SunOne.

Thanks again for your help

-Kennedy


----- Original Message ----- 
From: "Martin Dubuc" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, November 29, 2005 3:11 PM
Subject: RE: Certificate Revocation Lists in Tomcat 5.5


> CRL support is present in Tomcat 5.5.12.
>
> I am not an expert on Tomcat CRL support but what I
> know is the following:
>
> - You will need to recompile some of the
> tomcat-util.jar classes with JDK 1.5 because Tomcat
> 5.5.12 was compiled with JDK 1.4. The classes to be
> recompiled are:
> org.apache.tomcat.util.net.jsse.JSSE15Factory and
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> classes.
> - The crlFile property needs to be added inside your
> SSL Connector in the server.xml file. The value is the
> location of the CRL file on your system.
>
> Regards,
>
> Martin
>
> --- "Duan, Nick" <[EMAIL PROTECTED]> wrote:
>
>> Tomcat currently doesn't support cert validation against CRL.  You may
>> want to use Apache's mod_ssl to do the CRL checking.  You will have to
>> use mod_jk to connect Apache web server with tomcat.
>>
>> SSL is very computationally intensive.  Using Apache's httpd to do the
>> SSL work is more efficient than using Java-based tomcat.
>>
>> ND
>>
>> -----Original Message-----
>> From: Kennedy Roberts [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 29, 2005 10:55 AM
>> To: users@tomcat.apache.org
>> Subject: Certificate Revocation Lists in Tomcat 5.5
>>
>> Hi all,
>>
>>     We've recently migrated our (SSL enabled) web application from
>> SunOne to Tomcat 5.5, and I can't find any information on handling
>> Certificate Revocation Lists in Tomcat.  In SunOne, there was a
>> function in the administration console that let you import a CRL.
>> Is there any equivalent in Tomcat, or perhaps some other command line
>> equivalent?
>>
>> Thanks for your help.
>>
>> -Kennedy


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
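
As an added illustration (not part of the thread and not Tomcat's own code), the Java class below shows the standard JSSE way of tying CRLs into client-certificate validation, and it reads several CRL files, which bears on question 2 above. The class name, the file paths and the command-line layout are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Added illustration, not Tomcat source. Usage (paths are hypothetical):
//   java CrlTrustManagers truststore.jks changeit agencyA.crl agencyB.crl
public class CrlTrustManagers {

    // Parse every CRL in every file; one file may hold several concatenated CRLs.
    static Collection<X509CRL> loadCrls(String[] paths, int from) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<X509CRL> crls = new ArrayList<X509CRL>();
        for (int i = from; i < paths.length; i++) {
            try (InputStream in = new FileInputStream(paths[i])) {
                for (CRL crl : cf.generateCRLs(in)) crls.add((X509CRL) crl);
            }
        }
        if (crls.isEmpty()) throw new IllegalArgumentException("no CRLs loaded");
        return crls;
    }

    // Trust managers that reject client certificates listed in any loaded CRL.
    static TrustManager[] build(KeyStore trust, Collection<X509CRL> crls) throws Exception {
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, new X509CertSelector());
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));
        params.setRevocationEnabled(true); // undetermined revocation status fails validation
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        Collection<X509CRL> crls = loadCrls(args, 2);
        for (X509CRL crl : crls) { // a CRL past nextUpdate is stale and needs refreshing
            System.out.println(crl.getIssuerX500Principal() + " nextUpdate=" + crl.getNextUpdate());
        }
        System.out.println(build(trust, crls).length + " trust manager(s) ready");
    }
}
```

With revocation checking enabled, a client certificate from an issuer that has no CRL in the store fails validation, so every issuing agency needs a current CRL loaded.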

