Re: OCSP Connector on Tomcat 8.5 not working

2019-07-12 Thread Mark Thomas
> > Mark > > >> >> Thanks, >> Mike >> >> ____________ >> From: Michael Magnuson >> Sent: Friday, June 28, 2019 10:38 AM >> To: users@tomcat.apache.org >> Subject: Re: OCSP Connector on Tomcat 8.5 not working

Re: OCSP Connector on Tomcat 8.5 not working

2019-07-11 Thread Michael Magnuson
Thanks Mark. I would like to deny access if an unknown response is received. From: Mark Thomas Sent: Thursday, July 11, 2019 12:59 PM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 11/07/2019 17:46, Michael Magnuson wrote

Re: OCSP Connector on Tomcat 8.5 not working

2019-07-11 Thread Mark Thomas
ichael Magnuson > Sent: Friday, June 28, 2019 10:38 AM > To: users@tomcat.apache.org > Subject: Re: OCSP Connector on Tomcat 8.5 not working > > > > Mark, I was able to get this working. Thank you again for all your help. > The fix happened when I concatenated both the

Re: OCSP Connector on Tomcat 8.5 not working

2019-07-11 Thread Michael Magnuson
on Sent: Friday, June 28, 2019 10:38 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working Mark, I was able to get this working. Thank you again for all your help. The fix happened when I concatenated both the intermediate CA certificate and the root CA cert

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-28 Thread Michael Magnuson
Thomas Sent: Tuesday, June 25, 2019 12:41 PM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 25/06/2019 20:22, Michael Magnuson wrote: > > > Mark, thanks for the further clarification. With that setup, it prompts for > the smart card PIN and yo

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-25 Thread Mark Thomas
On 25/06/2019 20:22, Michael Magnuson wrote: > > > Mark, thanks for the further clarification. With that setup, it prompts for > the smart card PIN and you can select your certificate, but then nothing > happens. The only way I can get it to successfully open the page is if I > also add the

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-25 Thread Michael Magnuson
no OCSP action. From: Mark Thomas Sent: Tuesday, June 25, 2019 11:33 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 25/06/2019 19:24, Michael Magnuson wrote: > > > Oh I see. I was trying to use those fields for

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-25 Thread Mark Thomas
t leads back to the same trusted root as the client certs. Mark > > From: Mark Thomas > Sent: Tuesday, June 25, 2019 11:03 AM > To: users@tomcat.apache.org > Subject: Re: OCSP Connector on Tomcat 8.5 not working > > On 25/06/2019 18:04, Michael Magnu

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-25 Thread Michael Magnuson
Oh I see. I was trying to use those fields for the OCSP responder information. Thanks for the clarification. Mike From: Mark Thomas Sent: Tuesday, June 25, 2019 11:03 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-25 Thread Mark Thomas
On 25/06/2019 18:04, Michael Magnuson wrote: > > > Mark, are you defining your server SSL certificate someplace else, other than > within the connector in server.xml? No. > From your example connector config, I'm not seeing it defined. Server key is defined by

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-25 Thread Michael Magnuson
Subject: Re: OCSP Connector on Tomcat 8.5 not working On 21/06/2019 17:12, Michael Magnuson wrote: > > > Can I point certificateRevocationListFile= to an empty file so it always > reverts to OCSP? Just don't specify it at all. I've confirmed this lo

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-24 Thread Mark Thomas
> Sent: Friday, June 21, 2019 9:10 AM > To: users@tomcat.apache.org > Subject: Re: OCSP Connector on Tomcat 8.5 not working > > On 21/06/2019 16:46, Michael Magnuson wrote: >> >> >> Thanks. Is that setup using a CRL instead of OCSP? > > It will work with eith

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-21 Thread Michael Magnuson
Can I point certificateRevocationListFile= to an empty file so it always reverts to OCSP? From: Mark Thomas Sent: Friday, June 21, 2019 9:10 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 21/06/2019 16:46, Michael

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-21 Thread Mark Thomas
had been invalidated that wasn't in the CRL. Mark > > > From: Mark Thomas > Sent: Friday, June 21, 2019 8:44 AM > To: users@tomcat.apache.org > Subject: Re: OCSP Connector on Tomcat 8.5 not working > > On 21/06/2019 16:31, Michael Ma

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-21 Thread Michael Magnuson
Thanks. Is that setup using a CRL instead of OCSP? From: Mark Thomas Sent: Friday, June 21, 2019 8:44 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 21/06/2019 16:31, Michael Magnuson wrote: > Hmm. It's st

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-21 Thread Mark Thomas
019 11:36 AM > To: users@tomcat.apache.org > Subject: Re: OCSP Connector on Tomcat 8.5 not working > > On 20/06/2019 18:50, Mark Thomas wrote: >> On 20/06/2019 18:27, Michael Magnuson wrote: >>> Thanks Mark. A couple clarifications on your example first. You don't >>>

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-21 Thread Michael Magnuson
Hmm. It's still not working at all for me. Can you post your SSL connector configuration? From: Mark Thomas Sent: Thursday, June 20, 2019 11:36 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 20/06/2019 18:50, Mark

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Mark Thomas
"required"? > > "required" > > Setting up an OCSP responder locally is next on my TODO list. I'll > report back with the results. Works as expected. Mark > > Mark > > >> >> Thanks, >> Mike >> >> >> >>

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Mark Thomas
n my TODO list. I'll report back with the results. Mark > > Thanks, > Mike > > > > > From: Mark Thomas > Sent: Thursday, June 20, 2019 10:00 AM > To: users@tomcat.apache.org > Subject: Re: OCSP Connector on Tomcat 8.5 not working

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Michael Magnuson
bute, is the correct syntax "require" or "required"? Thanks, Mike From: Mark Thomas Sent: Thursday, June 20, 2019 10:00 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 20/06/2019 17:24, Michael Magnus

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Mark Thomas
On 20/06/2019 17:24, Michael Magnuson wrote: > Mark, > > Thank you for your replies and help. > > I'm not sure how to verify that Tomcat Native was built with OCSP support? Let's assume it has been. I think that is a safe assumption for now. > Removing the element had no negative effect. I

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Michael Magnuson
"want" has no effect either way. Mike From: Mark Thomas Sent: Thursday, June 20, 2019 9:02 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working On 20/06/2019 16:19, Michael Magnuson wrote: > Mark, > > Tomca

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Mark Thomas
On 20/06/2019 16:19, Michael Magnuson wrote: > Mark, > > Tomcat version 8.5.41 and TCNative version 1.2.21. There is an OCSP related bug in 1.2.21 but that should not affect you since the client certs have a responder URL. 8.5.41 isn't the latest but there aren't any OCSP related changes in

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Michael Magnuson
Thomas Sent: Thursday, June 20, 2019 3:33 AM To: users@tomcat.apache.org Subject: Re: OCSP Connector on Tomcat 8.5 not working Tomcat version? Tomcat Native version? Mark On 19/06/2019 23:46, Michael Magnuson wrote: > Hi, > > I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully usi

Re: OCSP Connector on Tomcat 8.5 not working

2019-06-20 Thread Mark Thomas
Tomcat version? Tomcat Native version? Mark On 19/06/2019 23:46, Michael Magnuson wrote: > Hi, > > I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully using client > certificate validation from the smart card, but I would like to add > client-cert OCSP revocation checking. I *think* I've