> I've Googled and searched the JA-SIG site for information about how CAS
> handles certificate revocation, but can't find anything. Does the CAS
> X.509 handler support determining whether a certificate has been revoked
> by examining a CRL? If this feature isn't currently available, when
> could one expect it?

Not available yet as a CAS function, probably will be some day (not scheduled, but fairly high on my personal wishlist).

However, you could (should) configure CRL at the level of the (HTTP) connector at the Servlet Container. If you're using Tomcat, then I *think* it might be wise to switch to the APR for this.

I've been investigating OCSP too [Online Certificate Status Protocol]. It has some advantages over CRL (and disadvantages, of course): OCSP adds a dependency, but it should prevent anyone from having to configure a CRL update (which requires an ugly restart of the servlet container if you're using Java connectors).

Let's find the best solution together here... any suggestions?

--
Velpi
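An added example, not part of the original message and not CAS or Tomcat project code: connector-level CRL checking of client certificates in Tomcat's conf/server.xml, as the reply suggests. Attribute names are those of the Tomcat 6/7 HTTP connector documentation (an assumption about the version in use); every path, port and password is a placeholder.

```xml
<!-- Added example: use ONE of the two connectors below, not both.
     All paths, the port and the passwords are placeholders. -->

<!-- Option 1: APR/native connector (PEM files, OpenSSL-backed). -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="/path/to/server-cert.pem"
           SSLCertificateKeyFile="/path/to/server-key.pem"
           SSLCACertificateFile="/path/to/client-ca.pem"
           SSLVerifyClient="optional"
           SSLCARevocationFile="/path/to/client-ca-crl.pem" />
<!-- SSLVerifyClient="optional" requests a client certificate without
     making it mandatory; "require" rejects clients that send none.
     SSLCARevocationPath can point at a directory of CRLs instead of
     a single file. -->

<!-- Option 2: Java (JSSE) connector. The CRL is read from crlFile. -->
<Connector port="8443"
           protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/path/to/server.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/client-ca.jks"
           truststorePass="CHANGE_ME"
           clientAuth="want"
           crlFile="/path/to/client-ca-crl.pem" />
<!-- clientAuth="want" is the JSSE counterpart of "optional" above;
     clientAuth="true" makes the client certificate mandatory. -->
```

With either connector, a revoked client certificate is rejected during the TLS handshake, before the request reaches the CAS X.509 handler.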
