Hi,

OCSP checking should work "as is", as it should just be a matter of setting the system property "ocsp.enable=true". See the following JIRA comments for more information:

https://issues.apache.org/jira/browse/WSS-339

Colm.

On Fri, Apr 18, 2014 at 7:54 PM, <[email protected]> wrote:

> Is there a way in the CXF STS to enable OCSP checking of inbound certificates? I'm using CXF 2.7.12-SNAPSHOT running on Tomcat 7.0.52, and have set up the STS (via WS-SecurityPolicy in its WSDL) to require inbound messages to be signed with a BinarySecurityToken. That works, as far as it goes, but it does not do any revocation checking. I've seen some references online to the ws-security.enableRevocation, but the documentation for it states that that is for CRL, which may work as a stopgap but has some limitations (like pointing to a custom CRL location), and besides which my customer's requirement is for OCSP.
>
> If there's nothing there already, I can probably code something up for that, but I'm not very clear on where or how to hook that code into my spring configuration, so any pointers along those lines would be a big help.
>
> Thanx,
> Steve Chappell

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
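
A standalone way to confirm that the JVM actually performs OCSP checking on a client's signing certificate, added here as an example; it is not code from the thread, CXF or WSS4J. In the JDK's PKIX implementation `ocsp.enable` is a `java.security` Security property, and it only takes effect when revocation checking is enabled on the PKIX parameters. The class name `OcspCheckDemo` and the certificate file arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical helper: validates a chain (leaf first, root excluded) with OCSP on.
public class OcspCheckDemo {

    static String validate(List<X509Certificate> chain, X509Certificate anchor) throws Exception {
        // Read by the JDK PKIX provider as a Security property (also settable in java.security).
        Security.setProperty("ocsp.enable", "true");
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(anchor, null)));
        params.setRevocationEnabled(true); // without this, ocsp.enable has no effect
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return "VALID";
        } catch (CertPathValidatorException e) {
            // Reason is REVOKED for a revoked cert, UNDETERMINED_REVOCATION_STATUS
            // when no revocation status could be obtained (e.g. responder unreachable).
            return "REJECTED at index " + e.getIndex() + ": " + e.getReason()
                    + " (" + e.getMessage() + ")";
        }
    }

    static X509Certificate load(String file) throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: OcspCheckDemo <trust-anchor.pem> <leaf.pem> [intermediate.pem ...]");
            return;
        }
        List<X509Certificate> chain = new ArrayList<>();
        for (int i = 1; i < args.length; i++) chain.add(load(args[i]));
        System.out.println(validate(chain, load(args[0])));
    }
}
```

Running it once against a known-good certificate and once against a revoked test certificate shows whether revocation status is really being enforced before relying on it in the STS.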
