Posted to users@tomcat.apache.org by Dobson Paul L Contr 84 MSUG/GBMLBR <Pa...@HILL.af.mil> on 2006/02/03 18:46:50 UTC

CRL on Tomcat Tomcat/5.5.15

I have just downloaded and installed tomcat 5.5.15 and configured SSL and
Client Authentication.  I have about a dozen different CRL lists I need to
authenticate against.  I have read little bits and pieces about CRL list
support from different postings here and there like having to recompile with
java 5, using crlfile or crlfiles properties, etc.  Is there anywhere that I
can get good quality thorough documentation or a good tutorial on how to
achieve CRL support on tomcat?

I apologize if this has been answered already.  The firewall at work
prevents me from searching the archives.

Thanks in advance for your help.

--Paul


Re: CRL on Tomcat Tomcat/5.5.15

Posted by Bill Barker <wb...@wilshire.com>.
"Dobson Paul L Contr 84 MSUG/GBMLBR" <Pa...@HILL.af.mil> wrote in 
message 
news:EE6F396F72C0154CAAD38FAAF8256EEE20CAA5@fskrsm23.hill.afmc.ds.af.mil...
> I have just downloaded and installed tomcat 5.5.15 and configured SSL and
> Client Authentication.  I have about a dozen different CRL lists I need to
> authenticate against.  I have read little bits and pieces about CRL list
> support from different postings here and there like having to recompile with
> java 5, using crlfile or crlfiles properties, etc.  Is there anywhere that I
> can get good quality thorough documentation or a good tutorial on how to
> achieve CRL support on tomcat?
>

Yes, you can write it up, and submit it.  Patches are always welcome ;-).

Yes, since there isn't yet a Java 5 binary distro, you need to grab the 
source distro, and at a minimum compile 
org.apache.tomcat.util.net.jsse.JSSE15*.java.  If you've already got the 
binary distro, then it's probably easier to just rebuild all of 
tomcat-util.jar:
  1) Go to connectors/util, and create a build.properties file with your 
favorite editor with:
        catalina.home=/path/to/tomcat
        commons-logging.jar=${catalina.home}/bin/commons-logging-api.jar
        commons-modeler.jar=${catalina.home}/server/lib/commons-modeler.jar
        tomcat-jni.jar=${catalina.home}/server/lib/tomcat-apr.jar

  2) Run `ant jar`
  3) Copy the resulting tomcat-util.jar to $CATALINA_HOME/server/lib

Currently, only one CRL file is supported (with the attribute 'crlFile'). 
It wouldn't be too hard to hack JSSE15SocketFactory to support multiple CRL 
files.  If you want to do it and submit it back, I'd take a look at it. 
Otherwise, you'll have to combine yours.

The file format for crlFile is simply that documented for 
java.security.cert.CertificateFactory.generateCRLs.  Other than that, it 
should just work :).

>
> I apologize if this has been answered already.  The firewall at work
> prevents me from searching the archives.
>
> Thanks in advance for your help.
>
> --Paul
> 
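
Added example, not part of the thread and not Tomcat's own code: one way to do the "combine yours" step from the reply above, writing every input CRL back to back in DER form (a sequence of DER-encoded CRLs is one of the inputs CertificateFactory.generateCRLs is documented to accept) and reading the result back to confirm it parses. The class name MergeCrls and the file arguments are hypothetical, and the code assumes Java 7 or later.

```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;

// Added example (hypothetical class name): merge several CRL files into one crlFile.
public class MergeCrls {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java MergeCrls <combined.crl> <in1.crl> [<in2.crl> ...]");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Path out = Paths.get(args[0]);
        Date now = new Date();
        int written = 0;
        try (OutputStream os = new BufferedOutputStream(Files.newOutputStream(out))) {
            for (int i = 1; i < args.length; i++) {
                Collection<? extends CRL> crls;
                try (InputStream in = new BufferedInputStream(Files.newInputStream(Paths.get(args[i])))) {
                    crls = cf.generateCRLs(in); // accepts whatever encodings the factory supports
                }
                if (crls.isEmpty()) {
                    throw new CRLException("no CRL found in " + args[i]);
                }
                for (CRL c : crls) {
                    X509CRL crl = (X509CRL) c;
                    Date next = crl.getNextUpdate();
                    if (next != null && next.before(now)) {
                        // A stale list may be missing recent revocations.
                        System.err.println("warning: nextUpdate has passed for "
                                + crl.getIssuerX500Principal().getName() + " (" + args[i] + ")");
                    }
                    os.write(crl.getEncoded()); // DER, appended back to back
                    written++;
                }
            }
        }
        // Read the result back with generateCRLs, the format the reply says crlFile uses.
        int readBack;
        try (InputStream in = new BufferedInputStream(Files.newInputStream(out))) {
            readBack = cf.generateCRLs(in).size();
        }
        if (readBack != written) {
            throw new IllegalStateException("wrote " + written + " CRLs but read back " + readBack);
        }
        System.out.println("combined " + written + " CRLs into " + out);
    }
}
```

The combined file has to be regenerated whenever any issuer publishes a new CRL, since the merged copy does not update itself.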



