1) crlFile is a standard parameter for Connector since Tomcat 5.5.10 if my recollection is right.
2) There are no quirks in using it.

Martin

--- Kennedy Roberts <[EMAIL PROTECTED]> wrote:

> After doing some research, I have found a few examples of
> {tomcat.home}/conf/server.xml files online that use the "crlFiles" param as
> part of a connector. Is this a standard parameter that can be used in the
> server.xml file? I ask because the sites where I have found these examples
> are not clear in whether this is some "added" functionality. The reason I
> don't try it out myself is because at this point I don't have a CRL which
> contains any of the certificates we use in our development environment.
>
> To summarize:
>
> 1) Is the crlFiles param a standard <connector> element?
>
> 2) Has (does) anyone use this param, and are there any quirks to using it?
>
> Thanks,
>
> Kennedy
>
> ----- Original Message -----
> From: "Martin Dubuc" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Tuesday, November 29, 2005 3:11 PM
> Subject: RE: Certificate Revocation Lists in Tomcat 5.5
>
> > CRL support is present in Tomcat 5.5.12.
> >
> > I am not an expert on Tomcat CRL support but what I know is the
> > following:
> >
> > - You will need to recompile some of the tomcat-util.jar classes with
> >   JDK 1.5 because Tomcat 5.5.12 was compiled with JDK 1.4. The classes
> >   to be recompiled are:
> >   org.apache.tomcat.util.net.jsse.JSSE15Factory and
> >   org.apache.tomcat.util.net.jsse.JSSE15SocketFactory classes.
> > - The crlFile property needs to be added inside your SSL Connector in
> >   the server.xml file. The value is the location of the CRL file on
> >   your system.
> >
> > Regards,
> >
> > Martin
> >
> > --- "Duan, Nick" <[EMAIL PROTECTED]> wrote:
> >
> >> Tomcat currently doesn't support cert validation against CRL. You may
> >> want to use Apache's mod_ssl to do the CRL checking. You will have to
> >> use mod_jk to connect Apache web server with tomcat.
> >>
> >> SSL is very computationally intensive. Using Apache's httpd to do the
> >> SSL work is more efficient than to use Java-based tomcat.
> >>
> >> ND
> >>
> >> -----Original Message-----
> >> From: Kennedy Roberts [mailto:[EMAIL PROTECTED]
> >> Sent: Tuesday, November 29, 2005 10:55 AM
> >> To: users@tomcat.apache.org
> >> Subject: Certificate Revocation Lists in Tomcat 5.5
> >>
> >> Hi all,
> >>
> >> We've recently migrated our (SSL enabled) web application from SunOne
> >> to Tomcat 5.5, and I can't find any information on handling
> >> Certificate Revocation Lists in Tomcat. In SunOne, there was a
> >> function in the administration console that let you import a CRL.
> >> Is there any equivalent in Tomcat, or perhaps some other command line
> >> equivalent?
> >>
> >> Thanks for your help.
> >>
> >> -Kennedy
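
Kennedy's quoted message mentions having no CRL that lists any development certificate. The script below is an added example, not part of the thread or of Tomcat: it builds a throwaway CA with openssl, issues test client certificates, revokes one and writes a CRL. The directory layout, file names, common names and the `test_ca` section name are all constructed for the example.

```shell
#!/bin/sh
# Added example: throwaway CA for exercising CRL checks. All names are constructed.
new_test_ca() {            # $1 = empty working directory
    d=$1
    mkdir -p "$d/newcerts" && : > "$d/index.txt" && echo 01 > "$d/serial" || return 1
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:true
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any_policy
[ any_policy ]
commonName = supplied
EOF
    # Self-signed test root that will sign both the certificates and the CRL.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
}
issue_cert() {             # $1 = CA dir, $2 = common name -> $1/$2.crt
    openssl req -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/$2.csr" \
        -out "$1/$2.crt" 2>/dev/null
}
revoke_and_publish() {     # $1 = CA dir, $2 = common name -> $1/test.crl
    openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" 2>/dev/null &&
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/test.crl" 2>/dev/null
}
is_revoked() {             # $1 = CA dir, $2 = common name; 0 if the CRL lists it
    openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/test.crl" \
        "$1/$2.crt" 2>&1 | grep -q "certificate revoked"
}
```

The resulting `test.crl` is a file of the kind the `crlFile` value described above points at. Testing it against a connector additionally assumes the test CA is trusted there for client authentication, which this script does not set up.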