"Dobson Paul L Contr 84 MSUG/GBMLBR" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I have just downloaded and installed tomcat 5.5.15 and configured SSL and
> Client Authentication. I have about a dozen different CRL lists I need to
> authenticate against. I have read little bits and pieces about CRL list
> support from different postings here and there like having to recompile with
> java 5, using crlfile or crlfiles properties, etc. Is there anywhere that I
> can get good quality thorough documentation or a good tutorial on how to
> achieve CRL support on tomcat?
>

Yes, you can write it up, and submit it. Patches are always welcome ;-).

Yes, since there isn't yet a Java 5 binary distro, you need to grab the source
distro, and at a minimum compile org.apache.tomcat.util.net.jsse.JSSE15*.java.
If you've already got the binary distro, then it's probably easier to just
rebuild all of tomcat-util.jar:

1) Go to connectors/util, and create a build.properties file with your
   favorite editor with:

     catalina.home=/path/to/tomcat
     commons-logging.jar=${catalina.home}/bin/commons-logging-api.jar
     commons-modeler.jar=${catalina.home}/server/lib/commons-modeler.jar
     tomcat-jni.jar=${catalina.home}/server/lib/tomcat-apr.jar

2) Run `ant jar`

3) Copy the resulting tomcat-util.jar to $CATALINA_HOME/server/lib

Currently, only one CRL file is supported (with the attribute 'crlFile'). It
wouldn't be too hard to hack JSSE15SocketFactory to support multiple CRL
files. If you want to do it and submit it back, I'd take a look at it.
Otherwise, you'll have to combine yours.

The file format for crlFile is simply that documented for
java.security.cert.CertificateFactory.generateCRLs.

Other than that, it should just work :).

>
> I apologize if this has been answered already. The firewall at work
> prevents me from searching the archives.
>
> Thanks in advance for your help.
>
> --Paul
>
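
One way to combine a dozen CRLs into the single file that 'crlFile' accepts, as suggested in the reply above. This is an added example, not code from the original post or from the Tomcat project; the class name CombineCrls and the file names are hypothetical, and it assumes a JDK with try-with-resources (Java 7 or later) for the tool itself.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.Collection;

// Added example: merge several CRL files into one file for the connector's crlFile attribute.
// Class name and file names are hypothetical. Usage:
//   java CombineCrls combined.crl ca1.crl ca2.crl
public class CombineCrls {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CombineCrls <output> <crl-file>...");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayOutputStream merged = new ByteArrayOutputStream();
        int count = 0;
        for (int i = 1; i < args.length; i++) {
            Collection<? extends CRL> crls;
            try (InputStream in = new FileInputStream(args[i])) {
                crls = cf.generateCRLs(in); // the parser the reply names for crlFile
            }
            if (crls.isEmpty()) {
                throw new IllegalStateException("no CRL found in " + args[i]);
            }
            for (CRL crl : crls) {
                X509CRL x509 = (X509CRL) crl;
                merged.write(x509.getEncoded()); // re-emit as DER, whatever the input encoding
                count++;
                System.out.println(args[i] + ": issuer=" + x509.getIssuerX500Principal().getName()
                        + " nextUpdate=" + x509.getNextUpdate());
            }
        }
        // Write only after every input has parsed, so a bad input never leaves a partial file.
        try (OutputStream out = new FileOutputStream(args[0])) {
            merged.writeTo(out);
        }
        // Re-read the result with the same parser to confirm every CRL survived the merge.
        int parsed;
        try (InputStream in = new FileInputStream(args[0])) {
            parsed = cf.generateCRLs(in).size();
        }
        if (parsed != count) {
            throw new IllegalStateException("wrote " + count + " CRLs but re-read " + parsed);
        }
        System.out.println("combined " + count + " CRL(s) into " + args[0]);
    }
}
```

The printed nextUpdate values show which source CRLs need refreshing; the combined file has to be rebuilt whenever any of them is reissued.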