Mark, Tomcat version 8.5.41 and TCNative version 1.2.21.

Mike Magnuson | Semper Valens Solutions, Inc.
DCGS-A Fixed Systems Engineer
Phone: (520) 263-0759
Email: mmagnu...@sempervalens.com
http://www.sempervalens.com/
ISO 9001:2015 | CMMI DEV /3
________________________________
From: Mark Thomas <ma...@apache.org>
Sent: Thursday, June 20, 2019 3:33 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working

Tomcat version?

Tomcat Native version?

Mark

On 19/06/2019 23:46, Michael Magnuson wrote:
> Hi,
>
> I'm running Tomcat 8.5 on RHEL 7.6. I'm successfully using client
> certificate validation from the smart card, but I would like to add
> client-cert OCSP revocation checking. I *think* I've set up the connector
> correctly in the server.xml file, but although the server starts and operates
> fine with no errors in the logs, it is not sending any sort of OCSP traffic.
> The user certs do have the responder URL in the AIA field.
> I'm fairly new to this, so I ask some of you more knowledgeable folks to
> please review my connector configuration and point out if something is wrong,
> or missing, or if there's a setting some place else that I need to turn on.
> My connector configuration is as follows:
>
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>     maxThreads="150" SSLEnabled="true"
>     scheme="https" SSLEnabled="true"
>     SSLCertificateFile="path_to_server.crt"
>     SSLCertificateKeyFile="path_to_server.key"
>     SSLPassword="password"
>     SSLCertificateChainFile="path_to_chain"
>     SSLProtocol="TLSv1.1+TLSv1.2"
>     clientAuth="want" trustStoreFile="path_to_truststore"
>     trustStorePass="password"
>     caCertificateFile="path_to_ca_file"
>     certificateVerification="require"
>     certificateVerificationDepth="10" >
>     <Certificate
>         certificateFile="path_to_OCSP_signing_cert"
>         certificateKeyFile="path_to_OCSP_public_key" />
> </Connector>