Tomcat version? Tomcat Native version?

Mark

On 19/06/2019 23:46, Michael Magnuson wrote:
> Hi,
>
> I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully using client
> certificate validation from the smart card, but I would like to add
> client-cert OCSP revocation checking. I *think* I've set up the connector
> correctly in the server.xml file, but although the server starts and operates
> fine with no errors in the logs, it is not sending any sort of OCSP traffic.
> The user certs do have the responder URL in the AIA field.
> I'm fairly new to this, so I ask some of you more knowledgeable folks to
> please review my connector configuration and point out if something is wrong,
> or missing, or if there's a setting some place else that I need to turn on.
> My connector configuration is as follows:
>
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>            maxThreads="150" SSLEnabled="true"
>            scheme="https" SSLEnabled="true"
>            SSLCertificateFile="path_to_server.crt"
>            SSLCertificateKeyFile="path_to_server.key"
>            SSLPassword="password"
>            SSLCertificateChainFile="path_to_chain"
>            SSLProtocol="TLSv1.1+TLSv1.2"
>            clientAuth="want" trustStoreFile="path_to_truststore"
>            trustStorePass="password"
>            caCertificateFile="path_to_ca_file"
>            certificateVerification="require"
>            certificateVerificationDepth="10" >
>     <Certificate
>            certificateFile="path_to_OCSP_signing_cert"
>            certificateKeyFile="path_to_OCSP_public_key" />
> </Connector>
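
A structural lint of the connector quoted above, as an added example that is not part of the original thread and not Tomcat's own tooling. The attribute families and the rule that `Certificate` sits inside `SSLHostConfig` are assumptions taken from the Tomcat 8.5 configuration reference rather than from this page, and `lint_connector`, `FAMILIES` and `SAMPLE` are hypothetical names; the findings describe the file's structure only and do not establish why no OCSP request is sent.

```python
import re
from collections import Counter

# Assumption: families follow the Tomcat 8.5 configuration reference; only the
# names that occur in the quoted connector are listed.
FAMILIES = {
    "APR/native (deprecated)": {"SSLCertificateFile", "SSLCertificateKeyFile",
        "SSLPassword", "SSLCertificateChainFile", "SSLProtocol"},
    "NIO/NIO2 JSSE (deprecated)": {"clientAuth", "truststoreFile", "truststorePass"},
    "SSLHostConfig": {"caCertificateFile", "certificateVerification",
        "certificateVerificationDepth"},
}
# Connector retyped from the quoted message; values are the poster's placeholders.
SAMPLE = """<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" SSLEnabled="true"
    SSLCertificateFile="path_to_server.crt" SSLCertificateKeyFile="path_to_server.key"
    SSLPassword="password" SSLCertificateChainFile="path_to_chain" SSLProtocol="TLSv1.1+TLSv1.2"
    clientAuth="want" trustStoreFile="path_to_truststore" trustStorePass="password"
    caCertificateFile="path_to_ca_file" certificateVerification="require"
    certificateVerificationDepth="10" >
  <Certificate certificateFile="path_to_OCSP_signing_cert" certificateKeyFile="path_to_OCSP_public_key" />
</Connector>"""
TAG = re.compile(r'<(/?)(\w+)((?:\s+[\w.:-]+\s*=\s*"[^"]*")*)\s*(/?)>')

def lint_connector(text):
    # Regex-based on purpose: an XML parser rejects a duplicated attribute
    # outright instead of reporting which one it was.
    findings, stack = [], []
    for closing, elem, attrs, selfclose in TAG.findall(text):
        if closing:
            stack = stack[:-1]
            continue
        names = re.findall(r'([\w.:-]+)\s*=\s*"[^"]*"', attrs)
        findings += [("duplicate-attribute", elem, a)
                     for a, n in Counter(names).items() if n > 1]
        if elem == "Connector":
            used = {a.lower() for a in names}  # family match ignores case
            styles = sorted(f for f, known in FAMILIES.items()
                            if used & {k.lower() for k in known})
            if len(styles) > 1:
                findings.append(("mixed-tls-attribute-families", elem, styles))
        # Certificate is documented as a child of SSLHostConfig, not Connector.
        if elem == "Certificate" and stack[-1:] != ["SSLHostConfig"]:
            findings.append(("certificate-outside-sslhostconfig", elem, stack[-1:]))
        if not selfclose:
            stack.append(elem)
    return findings

if __name__ == "__main__":
    print(*lint_connector(SAMPLE), sep="\n")
```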