I will soon be facing the same problem. I am thinking of implementing my own TrustManager to check the certificates myself. I've found (but not yet checked) an example here: http://forum.spring.io/forum/spring-projects/web/117374-how-to-write-a-x509-custom-trust-manager-for-validating-the-client

    import java.security.KeyStore;
    import java.security.cert.*;
    import javax.net.ssl.*;

    // Build trust managers backed by the CA keystore.
    TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(getClass().getResourceAsStream("ca.keystore"), "123456".toCharArray());
    factory.init(ks);

    // Load the certificate to check and validate it against each trust manager.
    Certificate cert = CertificateFactory.getInstance("X509").generateCertificate(getClass().getResourceAsStream("localhost.cer"));
    for (TrustManager tm : factory.getTrustManagers()) {
        ((X509TrustManager) tm).checkClientTrusted(new X509Certificate[] { (X509Certificate) cert }, "RSA");
    }

Marek

2013/11/12 Ja kub <jjaku...@gmail.com>

> Hello,
>
> Is there any way to revoke certificate without restarting tomcat ?
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html :
> crlFile The certificate revocation list to be used to verify client
> certificates.
>
> is this file reloaded by tomcat, or it is read only once at startup ?
>
> regards
> Jakub
>

--
Marek Jagielski
+48 513 402 596
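
An added example, not part of the original message or of Tomcat's code: one way a custom X509TrustManager could pick up a changed CRL file without a restart, by wrapping an existing trust manager and re-reading the CRL when the file's modification time changes. The class name `ReloadingCrlTrustManager`, the `crlPath` parameter and the single-CRL-file layout are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class): delegates chain validation, then checks the
// chain against a CRL file that is re-read whenever its modification time changes.
public class ReloadingCrlTrustManager implements X509TrustManager {
    private final X509TrustManager delegate; // e.g. one from TrustManagerFactory.getTrustManagers()
    private final Path crlPath;              // assumed location of the CRL file (PEM or DER)
    private X509CRL crl;                     // last CRL that parsed and verified
    private long loadedMtime = -1;
    public ReloadingCrlTrustManager(X509TrustManager delegate, Path crlPath) {
        this.delegate = delegate; this.crlPath = crlPath;
    }
    private synchronized X509CRL currentCrl() throws CertificateException {
        try {
            long mtime = Files.getLastModifiedTime(crlPath).toMillis();
            if (crl == null || mtime != loadedMtime) {
                try (InputStream in = Files.newInputStream(crlPath)) {
                    X509CRL parsed = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
                    verifyIssuer(parsed); // reject a CRL not signed by an accepted CA
                    crl = parsed;
                    loadedMtime = mtime;
                }
            }
            return crl;
        } catch (Exception e) { // fail closed: no readable, verified CRL means no client is accepted
            throw new CertificateException("cannot load CRL " + crlPath, e);
        }
    }
    private void verifyIssuer(X509CRL c) throws Exception {
        for (X509Certificate ca : delegate.getAcceptedIssuers())
            if (ca.getSubjectX500Principal().equals(c.getIssuerX500Principal())) {
                c.verify(ca.getPublicKey()); // throws if the signature does not match
                return;
            }
        throw new CRLException("CRL issuer is not an accepted CA");
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // normal path validation first
        X509CRL current = currentCrl();
        for (X509Certificate c : chain)
            if (current.isRevoked(c)) throw new CertificateException("revoked: " + c.getSerialNumber());
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The sketch does not check the CRL's `nextUpdate` date, so a stale file keeps being honoured until it is replaced. The file should be swapped in atomically (write to a temporary name, then rename), because a half-written CRL causes every client to be rejected until the next successful load.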