You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Joseph Dornisch <ki...@gmail.com> on 2019/02/01 20:44:16 UTC
recommendations for using multiple CRLs
Does this group have any recommendations for merging multiple external CRLs
into one CRL for use with Tomcat, or just making Tomcat aware of multiple
CRLs?
Re: recommendations for using multiple CRLs
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Joseph,
On 2/1/19 15:44, Joseph Dornisch wrote:
> Does this group have any recommendations for merging multiple
> external CRLs into one CRL for use with Tomcat, or just making
> Tomcat aware of multiple CRLs?
Tomcat supports CRLs in two ways:
1. A single file containing all your revoked certs
2. A single directory containing all your certs as separate files
So you will have to pick one. Since you have multiple CRLs already,
what format are they in?
CRLs are usually just PEM-encoded DER files, all concatenated
together. So, merging multiple CRLs is as easy as:
$ cat source/*.crl > mega.crl
Then you use mega.crl in your configuration.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYpFMACgkQHPApP6U8
pFhKIg//YwNLTCACofILCelOqYSEgcaEMCF4rGM+3qSUueTPgd4/mZFVm8Vsv7mR
nEP7dzK4An7sZahv3xYS7l+1tOVWA2s/7YCGRPcqI+ZR1g/3BAXWICi4tUr28END
ZNrv5Wp6G+OONo3qw24p8YC90rmQy5Tr+AmYGrwRpiYo85TUzH6M5caAiQxc6T32
QC4oLmQJUdWcGd/trsMHxO8am8omqN825bF7WhtB0+gNIcVEerlv/NAYnoNTlQ3g
aUzN61/mZop1yViyOm7VacUOximu9USrS8E75XuExB54RLnFGgDoTUVDLHePIeNP
ZNJC/ukbhWstDLMO0v5iPTU5LdLVVotG+f1fe9fLNxuT2kwOLMq10rmHHmEahszr
uvSEUw5FwoYW2xOBuJycxPlJOw5j49oJ+lHSeOdBS8UsVBlm8DIrgFWChviWDPXE
q+fmLlbvIF1Hi1547gv8PzKKStMcnZY9SuHOvggLDPMEG0jkViu6hT0ZvmhwHP44
HBB5pywL6XQFWgMz6fwkBSIgDQMyqGyFZ5I9JK/y+ocHUJ5B7ALdw7vYgA8BPTGX
SN5mQ5Vp1EmGuP5QxoALXqaqJIWM1ucDKqAl4tsGIMVTVvTCDeMt3AsFyya4MHdP
tzU0ceGMilu8BILmhpa8b4RYme0RQ36Za33Q+sSFUXnjU7scTto=
=Clgn
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org