1) crlFile is a standard parameter for Connector since
Tomcat 5.5.10 if my recollection is right.
2) There are no quirks in using it.
Martin
--- Kennedy Roberts <[EMAIL PROTECTED]> wrote:
> After doing some research, I have found a few
> examples of
> {tomcat.home}/conf/server.xml files online that use
> the "crlFiles" param as
> part of a connector. Is this a standard parameter
> that can be used in the
> server.xml file? I ask because the sites where I
> have found these examples
> are not clear in whether this is some "added"
> functionality. The reason I
> don't try it out myself is because at this point I
> don't have a CRL which
> contains any of the certificates we use in our
> development environment.
>
> To summarize:
>
> 1) Is the crlFiles param a standard <connector>
> element?
>
> 2) Has (does) anyone use this param, and are there
> any quirks to using it.
>
> Thanks,
>
> Kennedy
>
>
> ----- Original Message -----
> From: "Martin Dubuc" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Tuesday, November 29, 2005 3:11 PM
> Subject: RE: Certificate Revocation Lists in Tomcat
> 5.5
>
>
> > CRL support is present in Tomcat 5.5.12.
> >
> > I am not an expert on Tomcat CRL support but what
> I
> > know is the following:
> >
> > - You will need to recompile some of the
> > tomcat-util.jar classes with JDK 1.5 because
> Tomcat
> > 5.5.12 was compiled with JDK 1.4. The classes to
> be
> > recompiled are:
> > org.apache.tomcat.util.net.jsse.JSSE15Factory and
> >
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> > classes.
> > - The crlFile property needs to be added inside
> your
> > SSL Connector in the server.xml file. The value is
> the
> > location of the CRL file on your system.
> >
> > Regards,
> >
> > Martin
> >
> > --- "Duan, Nick" <[EMAIL PROTECTED]>
> wrote:
> >
> >> Tomcat currently doesn't support cert validation
> >> against CRL. You may
> >> want to use Apache's mod_ssl to do the CRL
> checking.
> >> You will have to
> >> use mod_jk to connect Apache web server with
> tomcat.
> >>
> >> SSL is very computational intensive. Use
> Apache's
> >> httpd to do the SSL
> >> work is more efficient than to use Java-based
> >> tomcat.
> >>
> >> ND
> >>
> >> -----Original Message-----
> >> From: Kennedy Roberts
> [mailto:[EMAIL PROTECTED]
> >> Sent: Tuesday, November 29, 2005 10:55 AM
> >> To: users@tomcat.apache.org
> >> Subject: Certificate Revocation Lists in Tomcat
> 5.5
> >>
> >> Hi all,
> >>
> >> We've recently migrated our (SSL enabled) web
> >> application from
> >> SunOne to
> >> Tomcat 5.5, and I can't find any information on
> >> handling Certificate
> >> Revocation Lists in Tomcat. In SunOne, there was
> a
> >> function in the
> >> administration console that let you import a CRL.
> >> Is there any
> >> equivalent
> >> in Tomcat, or perhaps some other command line
> >> equivalent?
> >>
> >> Thanks for your help.
> >>
> >> -Kennedy
> >>
> >>
> >>
> >
>
---------------------------------------------------------------------
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >>
> >>
> >
>
---------------------------------------------------------------------
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >>
> >
> >
> >
> >
> >
> > __________________________________
> > Yahoo! Mail - PC Magazine Editors' Choice 2005
> > http://mail.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
