Hi Dominique - It does not seem that we have implemented CRL as yet. It would need to be added to the creation of the SSLContextFactory in the JettySSLService.
Could I bother you to file a JIRA for this for 1.1.0 release? Feel free to contribute a patch for it as well, if you like. thanks! --larry On Mon, Mar 19, 2018 at 8:54 AM, Dominique De Vito <[email protected]> wrote: > Hi, > > When searching into the User Guide (1.0), while I have found "mutual > authentication with SSL", there is no mention of CRL (Certificate > Revocation List). > > Well, it's useful to have a truststore for authenticating clients. > But it's useful too to revoke this or this user/client account for some > cases. > > "Mutual authentication with SSL" works "hand in hand" with CRL > (Certificate Revocation List) usually. > > Is CRL just missing for the doc ? > Or, is CRL feature not implemented in Knox ? > > Thanks. > > Regards, > Dominique > >
