CRL support is present in Tomcat 5.5.12. I am not an expert on Tomcat CRL support but what I know is the following:
- You will need to recompile some of the tomcat-util.jar classes with JDK 1.5 because Tomcat 5.5.12 was compiled with JDK 1.4. The classes to be recompiled are: org.apache.tomcat.util.net.jsse.JSSE15Factory and org.apache.tomcat.util.net.jsse.JSSE15SocketFactory classes. - The crlFile property needs to be added inside your SSL Connector in the server.xml file. The value is the location of the CRL file on your system. Regards, Martin --- "Duan, Nick" <[EMAIL PROTECTED]> wrote: > Tomcat currently doesn't support cert validation > against CRL. You may > want to use Apache's mod_ssl to do the CRL checking. > You will have to > use mod_jk to connect Apache web server with tomcat. > > SSL is very computational intensive. Use Apache's > httpd to do the SSL > work is more efficient than to use Java-based > tomcat. > > ND > > -----Original Message----- > From: Kennedy Roberts [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 10:55 AM > To: users@tomcat.apache.org > Subject: Certificate Revocation Lists in Tomcat 5.5 > > Hi all, > > We've recently migrated our (SSL enabled) web > application from > SunOne to > Tomcat 5.5, and I can't find any information on > handling Certificate > Revocation Lists in Tomcat. In SunOne, there was a > function in the > administration console that let you import a CRL. > Is there any > equivalent > in Tomcat, or perhaps some other command line > equivalent? > > Thanks for your help. > > -Kennedy > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]