This thread was super useful. thanks for sharing
On Wed, Apr 17, 2019 at 3:29 PM John Palmer wrote:
> I'm still struggling with getting APR/OpenSSL to do the OCSP check.
>
> I'd appreciate some tips:
> versions: Java 8 (1.8.0_202), 64-bit, tomcat 8.5.38, APR 1.2.21
> using APR/OpenSSL (the tc-na
I'm still struggling with getting APR/OpenSSL to do the OCSP check.
I'd appreciate some tips:
versions: Java 8 (1.8.0_202), 64-bit, tomcat 8.5.38, APR 1.2.21
using APR/OpenSSL (the tc-native-1.dll binary for Windows, compiled w OCSP
support - the X64 dll from
tomcat-native-1.2.21-openssl-1.1.1a-oc
Well, after much research and experimentation I got OCSP working with the
JSSE flaovor, NIO2 connector (renamed the OCSP-enabled tc-native-1.dll so
it isn't used and JSSE is used instead).
2 things had to be set:
1: server.xml: add to the SSLHostConfig section (inside the Connector
section)
I appreciate your response
> Setting `certificateVerification="require"` on your Connector
I changed
`certificateVerification="REQUIRED"
to
`certificateVerification="require"`
still not seeing any OCSP calls in wireshark for this
I did find out how to enable logging better (by adding e
Hi,
On Mon, Apr 1, 2019 at 3:30 PM John Palmer wrote:
> What, if anything, needs to be configured to ENABLE (preferably REQUIRE)
> tomat to do CLIENT certificate revocation checking via OCSP in Tomcat
> 8.5.38 using Openssl ?
Setting `certificateVerification="require"` on your Connector and us
What, if anything, needs to be configured to ENABLE (preferably REQUIRE)
tomat to do CLIENT certificate revocation checking via OCSP in Tomcat
8.5.38 using Openssl ?
I'm sure I'm missing something simple and obvious (once pointed out) but
I've been struggling with this all morning).
1) using Open
