Certificate Revocation List in Tomcat6

Problem description

I have implemented Client Authentication to my Tomcat Server. I have distributed client X509 certificates and JKS which were generated using my own CA crt and OpenSSL. Now I want to use CRL to block some of my clients. How to add a CRL to Tomcat? I don't find any help from Google on this.

Recommended answer

I am answering my own question. In the Tomcat connector tag you have the crlFile parameter, which can be generated using openssl. The commands look something like this:

openssl ca -config openssl.my.cnf -revoke certs/server.crt
openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl

And the file myca.crl is to be updated in the connector tag of Tomcat, which looks something like this:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    clientAuth="true"
    sslProtocol="TLS"
    keystoreFile="one.mamoi.semdev.com.pkcs12"
    keystoreType="PKCS12"
    keystorePass="changeit"
    truststoreFile="server.truststore"
    truststorePass="changeit"
    truststoreType="JKS"
    crlFile="/home/ubuntu/myCA/crl/myca.crl"/>
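
One way to confirm that a generated CRL really marks a certificate as revoked before pointing crlFile at it (an added example, not part of the original answer). It builds a throwaway CA in a temp directory; the CA, the client names alice and bob, and the config contents are constructed for the demo, reusing only the answer's file names openssl.my.cnf and crl/myca.crl.

```shell
# Added example: throwaway CA; "alice", "bob" and every path here are constructed.
CA_DIR=$(mktemp -d)
build_ca() (  # subshell body, so the cd does not leak to the caller
  cd "$CA_DIR" || exit 1
  mkdir certs crl newcerts; : > index.txt; echo 01 > serial
  cat > openssl.my.cnf <<'EOF'
[ ca ]
default_ca = myca
[ myca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  c="-config openssl.my.cnf"
  openssl req $c -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
    -keyout ca.key -out ca.crt -days 30 2>/dev/null || exit 1
  for n in alice bob; do
    openssl req $c -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout certs/$n.key -out certs/$n.csr 2>/dev/null &&
    openssl ca $c -batch -notext -in certs/$n.csr -out certs/$n.crt 2>/dev/null || exit 1
  done
  openssl ca $c -revoke certs/alice.crt 2>/dev/null &&
  openssl ca $c -gencrl -out crl/myca.crl 2>/dev/null  # revoke + gencrl as in the answer
)

cert_status() {  # prints valid | revoked | error for certs/$1.crt checked against the CRL
  out=$(openssl verify -crl_check -CAfile "$CA_DIR/ca.crt" \
    -CRLfile "$CA_DIR/crl/myca.crl" "$CA_DIR/certs/$1.crt" 2>&1)
  case $out in *"certificate revoked"*) echo revoked ;; *": OK"*) echo valid ;;
    *) echo error ;; esac
}
build_ca && for n in alice bob; do echo "$n: $(cert_status "$n")"; done
```

The same `openssl verify -crl_check` call can be run against the real CA certificate, CRL and a client certificate to check the file before it is referenced in the connector.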
