On Nov 12, 2013, at 1:54 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Dan, > > On 11/12/13, 10:10 AM, Daniel Mikusa wrote: >> On Nov 12, 2013, at 5:56 AM, Ja kub <jjaku...@gmail.com> wrote: >> >>> Hello, >>> >>> Is there any way to revoke certificate without restarting tomcat >>> ? >>> >>> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html : >>> crlFile The certificate revocation list to be used to verify >>> client certificates. >>> >>> is this file reloaded by tomcat, or it is read only once at >>> startup ? >> >> I think this was answered recently on the list. Check out this >> thread. >> >> http://marc.info/?l=tomcat-user&m=137345634818076&w=2 > > Short answer: no, CRLs basically can't be updated (right now). > > I'll have to check, but I think re-reading the CRL at runtime isn't a > huge problem for the JSSE connector. Can you log a bugzilla > enhancement request? I submitted this request. https://issues.apache.org/bugzilla/show_bug.cgi?id=55770 It's a pretty basic request though, so if anyone has more detailed thoughts on how this should work, please feel free to elaborate. Dan > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.15 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJSgnlhAAoJEBzwKT+lPKRYqZsQAI70270KC9lk9/oT+d7UCNYv > G0zVLSdh9lIYYoyiPWYF1fCGZYd7J6I2zcsTxw/W4EZY4VJX3Y1QsJmwviTuYYVO > jyDHS2Ph8fUhdsR2rUlT3VmUVWmjo5jrSRfa/S7LepnolEB00ewmLkGFi20bIRlP > dJQU+qE0p/0mX+dgAKsLpnZCJlvO4FyWuCdWoBPQHZKh/Er1rahmmppv5lj1XHcG > EUjDthcmSimUcqDh9hn3eW+u3CS3DeHJqe4im0mvnybK4pwIdLTD4KKWWUexpoGQ > Gv57CL3OFWLWIckgXWWg3NMpDYr+ZiCpplklmtVmTLfx12y0yJKUxoC21rqPNk9R > IVCoH9tv95kCGIHFZ0l2u5q7/3QJ8fkciT5l9AXDwEhYpQZwEnfTx9n3rNcP/yIp > el4NY32g0gb8qF5ycKoReZkvwNKArEtCoL6x94jG4+4wh6DHHFA92KBcsZhs66RT > JfVtueOMKFHQQIyhiiRuZVdphiMRAk0AFAqYebMwot034nQW3CHsWsz984jlJJyH > Ck/jhyigd7SDVEXl+HHcx157v6lxtVrkaTxoeYQJhPK4XwHy1hNkHtFJ2fH0hj9j > PMXYMr2t+mk9a23bO/dDABODD9Iyxlj/Lww+etvLzLu0wPWyAsuMpuKjsyBHeNBB > Kqy6WJpLxUksYMBnLgeA > =Xb71 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
