Hi,
You can also do CRL Certificate check via Apache, in front of CAS.
http://www.apacheweek.com/features/crl
Regards.
2009/12/2 André Luiz Cardoso <[email protected]>
> Thank you. I'll check it out!
>
> On Wed, Dec 2, 2009 at 2:47 PM, Marvin Addison
> <[email protected]>wrote:
>
>> I believe the Sun PKI provider supports CRL checking, but according to
>> http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html
>> it is not enabled by default:
>>
>> "If the init(KeyStore ks) method is used, default PKIXParameters are
>> used with the exception that revocation checking is disabled. It can
>> be enabled by setting the system property
>> com.sun.net.ssl.checkRevocation to true. Note that this setting
>> requires that the CertPath implementation can locate revocation
>> information by itself. The PKIX implementation in the SUN provider can
>> do this in many cases but requires that the system property
>> com.sun.security.enableCRLDP be set to true. "
>>
>> I recommend you try that approach before rolling your own CRL checking.
>>
>> M
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>>
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
--
Saludos.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
