
Certificate Revocation with TomCat7 APR

 
Dennis Wunderwald
Greenhorn
Posts: 1
Hi

I have some problems with integrating client certificate authentication on Tomcat 7.
Tomcat is running on a Windows 2008R2 Server in APR mode. The server belongs to a domain. I have a Microsoft CA installed on the domain controller; the web server certificate, the user certificates and the certificate revocation list are distributed by this CA. Client authentication is working fine, but I couldn't figure out yet how to integrate the revocation list.

The connector is the following:

<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true"
SSLVerifyClient="require"
SSLVerifyDepth="10"
SSLCertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\webservercertificate.crt"
SSLCertificateKeyFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\webserverkey.key"
SSLCACertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\rootcertificate.crt"
SSLPassword="password"
/>

I have written SSLCARevocationFile="C:\Program Files\...\revocationlist.crl" in the connector, but it hasn't had any effect. After restarting Tomcat, the connection to https://localhost/manager still asks me for the certificate and lets me through, instead of blocking me. So there is no difference whether I have written "SSLCARecovationFile" in the connector or not. Is it possible that I have to convert the .crl into another file format?

So, any ideas how to get this working? Thanks in advance!
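
Added example, not part of the original post: the Tomcat documentation describes the APR connector's SSLCARevocationFile as PEM-encoded, and this sketch assumes the .crl published by the Microsoft CA is binary DER, so it reports which encoding a file has and wraps DER as PEM. The function names and the sample bytes are constructed for illustration.

```python
import base64

PEM_BEGIN = b"-----BEGIN X509 CRL-----"
PEM_END = b"-----END X509 CRL-----"


def _der_total_length(data: bytes) -> int:
    """Size declared by the outer ASN.1 SEQUENCE header, or -1 if not DER."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return -1
    first = data[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def crl_encoding(data: bytes) -> str:
    """Classify CRL file contents as 'pem', 'der' or 'unknown'."""
    stripped = data.lstrip()
    if stripped.startswith(PEM_BEGIN) and PEM_END in stripped:
        return "pem"
    # A DER CRL is one SEQUENCE whose declared length spans the whole file.
    if _der_total_length(data) == len(data):
        return "der"
    return "unknown"


def der_crl_to_pem(der: bytes) -> bytes:
    """Base64-wrap DER bytes at 64 columns between the X509 CRL markers."""
    if crl_encoding(der) != "der":
        raise ValueError("input is not a DER-encoded structure")
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"\n".join([PEM_BEGIN, *lines, PEM_END]) + b"\n"


def pem_for_connector(data: bytes) -> bytes:
    """Return PEM bytes for either input encoding; reject anything else."""
    kind = crl_encoding(data)
    if kind == "pem":
        return data
    if kind == "der":
        return der_crl_to_pem(data)
    raise ValueError("not a recognisable CRL file")


# Constructed sample: a SEQUENCE header plus zero filler, NOT a real CRL.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
```

The structural check only inspects the outer header; it does not validate the CRL's signature or contents, so the converted file should still be confirmed by presenting a revoked client certificate to the connector.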