Posted to users@tomcat.apache.org by Усманов Азат Анварович <us...@ieml.ru> on 2018/11/02 11:05:24 UTC

Tomcat 9 ocsp via proxy

Hi everyone! Is it possible to specify a proxy server address for server-side OCSP checking on Tomcat when using APR/Tomcat Native for TLS connections? Something Apache-like:

SSLStaplingForceURL http://internal-proxy.example.org:port

or something like the nginx directive
ssl_stapling_file file;
so the stapled OCSP response will be taken from the specified file instead of querying the OCSP responder specified in the server certificate.

I tried using

SSLStaplingForceURL="http://internal-proxy.example.org:port"

on both the Connector and Certificate elements with the latest Tomcat 9.0.12, which resulted in "{Server/Service/Connector/SSLHostConfig/Certificate} Setting property 'SSLStaplingForceURL' to 'http://192.168.1.6:3131' did not find a matching property" in the logs. So it looks like Tomcat doesn't support this (yet).

Should I put in an enhancement request for that?