Thank you. I'll check it out! On Wed, Dec 2, 2009 at 2:47 PM, Marvin Addison <[email protected]>wrote:
> I believe the Sun PKI provider supports CRL checking, but according to > http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html > it is not enabled by default: > > "If the init(KeyStore ks) method is used, default PKIXParameters are > used with the exception that revocation checking is disabled. It can > be enabled by setting the system property > com.sun.net.ssl.checkRevocation to true. Note that this setting > requires that the CertPath implementation can locate revocation > information by itself. The PKIX implementation in the SUN provider can > do this in many cases but requires that the system property > com.sun.security.enableCRLDP be set to true. " > > I recommend you try that approach before rolling your own CRL checking. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
