在的Tomcat6证书吊销列表 [英] Certificate Revocation List in Tomcat6
问题描述
我已经实现了客户端身份验证到我的Tomcat服务器。我已经分布式客户端X509证书,哪些是用我自己的CA CRT和OpenSSL产生JKS。现在,我想使用CRL来阻止我的一些客户。如何添加CRL到Tomcat?......我不找到谷歌的任何帮助这一点。
I have implemented Client Authentication to my Tomcat Server. I have distributed client X509 certificates and JKS which were generated using my own CA crt and openSSL. Now i want to use CRL to block some of my clients. How to add a CRL to tomcat?...I dont find any help from Google on this.
推荐答案
我回答我自己question..In Tomcat连接器的标签,你有哪些可使用OpenSSL的生成crlFile参数。该命令看起来有些东西像这样
Am answering my own question..In tomcat connector tag you have crlFile parameter which can be generated using openssl. The commands looks some thing like this
openssl ca -config openssl.my.cnf -revoke certs/server.crt
openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl
和文件myca.crl是在Tomcat中的连接器标签,它看起来像这样进行更新
And the file myca.crl is to be updated in connector tag of tomcat which looks something like this
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="true"
sslProtocol="TLS"
keystoreFile="one.mamoi.semdev.com.pkcs12"
keystoreType="PKCS12"
keystorePass="changeit"
truststoreFile="server.truststore"
truststorePass="changeit"
truststoreType="JKS"
crlFile="/home/ubuntu/myCA/crl/myca.crl"/>
这篇关于在的Tomcat6证书吊销列表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!