JavaRanch » Java Forums » Products » Tomcat
Certificate Revocation with TomCat7 APR

Dennis Wunderwald
Greenhorn

Joined: Nov 28, 2012
Posts: 1
Hi

I have some problems with integrating client certificate authentication on TomCat7.
TomCat is running on a Windows 2008R2 Server in APR mode. The server belongs to a domain. I have a Microsoft CA installed on the domain controller; the web server certificate, the user certificates and the certificate revocation list are distributed by this CA. Client authentication is working fine, but I couldn't figure out yet how to integrate the revocation list.

The connector is the following:

<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true"
           SSLVerifyClient="require"
           SSLVerifyDepth="10"
           SSLCertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\webservercertificate.crt"
           SSLCertificateKeyFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\webserverkey.key"
           SSLCACertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\rootcertificate.crt"
           SSLPassword="password"
/>

I have written SSLCARevocationFile="C:\Program Files\...\revocationlist.crl" in the connector, but it hasn't had any effect. After restarting TomCat, the connection to https://localhost/manager still asks me for the certificate and lets me through, instead of blocking me. So there is no difference whether I have written "SSLCARevocationFile" in the connector or not. Is it possible that I have to convert the .crl to another file format?

So, any ideas how to get this working? Thanks in advance!
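The file-format question at the end of the post is worth checking before anything else. Tomcat's APR connector documentation describes SSLCARevocationFile as a file of concatenated PEM-encoded CRLs, whereas a Microsoft CA publishes its CRL DER-encoded by default, so an unconverted .crl is a plausible reason the attribute appears to do nothing. The script below is an added example, not code from the post or from the Tomcat project: it uses openssl (available on Windows as well as Linux) to build a throwaway CA, two client certificates and a CRL that revokes one of them, exports that CRL DER-encoded the way a Microsoft CA would, and then runs the three checks an administrator can run on the real revocationlist.crl: detect the encoding, convert it to PEM, and confirm with openssl verify that the converted CRL really marks the certificate as revoked. All names in it (TestCA, alice, bob, exported.crl, revocationlist.pem) are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a throwaway CA, two client
# certificates and a CRL with openssl, exports the CRL DER-encoded (as a
# Microsoft CA does), then runs the checks an admin would run on the real file:
# detect the encoding, convert to PEM (what Tomcat's SSLCARevocationFile expects)
# and confirm the converted CRL actually revokes the right certificate.
# TestCA, alice, bob, exported.crl and revocationlist.pem are made-up names.
set -e

# crl_encoding FILE -> prints PEM, DER or UNKNOWN
crl_encoding() {
    if grep -q -- '-----BEGIN X509 CRL-----' "$1" 2>/dev/null; then
        echo PEM
    elif openssl crl -inform DER -in "$1" -noout >/dev/null 2>&1; then
        echo DER
    else
        echo UNKNOWN
    fi
}

# crl_to_pem IN OUT -> writes a PEM copy regardless of the input encoding
crl_to_pem() {
    case "$(crl_encoding "$1")" in
        PEM) cp "$1" "$2" ;;
        DER) openssl crl -inform DER -in "$1" -outform PEM -out "$2" ;;
        *)   echo "not a CRL: $1" >&2; return 1 ;;
    esac
}

# cert_status CERT CA_CERT CRL_PEM -> prints good, revoked, crl-expired or error
# (a CRL past its nextUpdate is rejected outright, so watch for crl-expired too)
cert_status() {
    out=$(openssl verify -crl_check -CAfile "$2" -CRLfile "$3" "$1" 2>&1 || true)
    case "$out" in
        *"certificate revoked"*) echo revoked ;;
        *"CRL has expired"*)     echo crl-expired ;;
        *": OK"*)                echo good ;;
        *)                       echo error ;;
    esac
}

# --- constructed test data: a tiny CA with its own index, serial and CRL number
WORK=$(mktemp -d)
cd "$WORK"
mkdir ca
touch ca/index.txt
echo 01 > ca/serial
echo 01 > ca/crlnumber
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = test_ca
[ test_ca ]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/root.crt
private_key = $dir/root.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = any_policy
x509_extensions = v3_client
[ any_policy ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_client ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF

# Root CA (stands in for the Microsoft CA's root certificate).
openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -subj /CN=TestCA \
    -keyout ca/root.key -out ca/root.crt -days 365 2>/dev/null
# Two client certificates: alice's gets revoked, bob's stays valid.
for user in alice bob; do
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$user" \
        -keyout "$user.key" -out "$user.csr" 2>/dev/null
    openssl ca -batch -config ca.cnf -notext -in "$user.csr" -out "$user.crt" 2>/dev/null
done
openssl ca -config ca.cnf -revoke alice.crt 2>/dev/null
openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
# What a Microsoft CA hands out: the same CRL, DER-encoded.
openssl crl -in crl.pem -outform DER -out exported.crl

# --- the checks to run on the real revocationlist.crl
crl_to_pem exported.crl revocationlist.pem
echo "exported.crl: $(crl_encoding exported.crl), revocationlist.pem: $(crl_encoding revocationlist.pem)"
echo "alice: $(cert_status alice.crt ca/root.crt revocationlist.pem)"
echo "bob:   $(cert_status bob.crt ca/root.crt revocationlist.pem)"
```

If crl_encoding reports DER for the file exported from the Microsoft CA, the PEM copy produced by crl_to_pem is the one to reference from SSLCARevocationFile; cert_status then shows, independently of Tomcat, whether the CRL and the CA certificate in SSLCACertificateFile actually fit together and whether the CRL is still within its validity window, which a Microsoft CA keeps fairly short.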