Certificate Revocation with TomCat7 APR

Dennis Wunderwald
Greenhorn

Joined: Nov 28, 2012
Posts: 1
Hi

I have some problems with integrating client certificate authentication on TomCat7.
TomCat is running on a Windows 2008R2 Server in apr mode. The server belongs to a domain. I have a Microsoft CA installed on the domain controller; the webserver certificate, the user certificates and the certificate revocation list are distributed by this CA. Client authentication is working fine, but I couldn't figure out yet how to integrate the revocation list.

The connector is the following:

<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true"
SSLVerifyClient="require"
SSLVerifyDepth="10"
SSLCertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\webservercertificate.crt"
SSLCertificateKeyFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\webserverkey.key"
SSLCACertificateFile="C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\rootcertificate.crt"
SSLPassword="password"
/>

I have written SSLCARevocationFile="C:\Program Files\...\revocationlist.crl" in the connector, but it hasn't had any effect. After restarting TomCat, the connection to https://localhost/manager still asks me for the certificate and lets me through, instead of blocking me. So there is no difference whether I have written "SSLCARecovationFile" in the connector or not. Is it possible that I have to convert the .crl into another file format?

So, any ideas how to get this working? Thanks in advance!
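
On the file-format question in the post, an added example that is not part of the original thread: Tomcat's APR connector documentation describes SSLCARevocationFile as a PEM-encoded file, while a Microsoft CA commonly publishes its CRL as binary DER, so this Python sketch reports which encoding a CRL file has and wraps DER as PEM. The function names and the sample bytes are constructed for illustration.

```python
import base64

PEM_HEADER = b"-----BEGIN X509 CRL-----"
PEM_FOOTER = b"-----END X509 CRL-----"


def der_total_length(data: bytes) -> int:
    """Return the encoded length of the outer DER SEQUENCE, or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                          # short form: one length byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def detect_crl_encoding(data: bytes) -> str:
    """Classify CRL file contents as 'pem', 'der' or 'unknown'."""
    if data.lstrip().startswith(PEM_HEADER):
        return "pem"
    try:
        # A DER file is exactly one SEQUENCE with no trailing bytes.
        if der_total_length(data) == len(data):
            return "der"
    except ValueError:
        pass
    return "unknown"


def crl_to_pem(data: bytes) -> bytes:
    """Return PEM text for a CRL, converting from DER when needed."""
    kind = detect_crl_encoding(data)
    if kind == "pem":
        return data
    if kind != "der":
        raise ValueError("input is neither a PEM nor a DER CRL")
    b64 = base64.b64encode(data)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]  # 64-char PEM lines
    return b"\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + b"\n"


# Constructed placeholder: a tiny DER SEQUENCE, not a real CRL.
SAMPLE_DER = bytes.fromhex("3003020101")
```

The same conversion with the OpenSSL command line is `openssl crl -inform DER -in revocationlist.crl -outform PEM -out revocationlist.pem`, where the output file name is an assumption.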