Hi there,

I have Tomcat 5.5 running under Windows 2003. I'm using the APR. I set up a VM to test my setup, and got it working successfully.

The setup / plan:

- Tomcat 5.5 forcing SSL/TLS when pointed at a particular URL pattern (working fine)
- requiring a valid certificate from the client before establishing the secure session (working fine)
- when a client certificate is revoked it needs to recognise this within a reasonable period of time (worked fine originally but no longer)

I am using the Windows 2003 CA to issue the client certificates; I also issued the server certificate using the same CA.

The VM I set up originally worked great: I could revoke a certificate, then connect back using the browser with that certificate, and it would detect that the certificate was now revoked and block access within what was effectively real time.

Now, however, it won't pick up the certificates that have been revoked until the engine is restarted.

Does anyone know what setting I've missed or which configuration option is wrong here? Why would it only be picking up the changes to the CRL when the engine gets started (or stopped then started again)?

Failing that, is there a configuration option within Tomcat / OpenSSL where I can tell it how regularly to refresh CRL subscriptions? (I have looked and googled and cannot find it.)

Any help at all greatly appreciated.

Cheers,
John.
