I have implemented client authentication in Tomcat6. I want to add a CRL file to the server. How do I do that?
Answer 0 (score: 0)
Certificate Revocation List in Tomcat6
Anyway, in the Tomcat connector tag you have the crlFile parameter, which can be generated using openssl. The commands look like this:
openssl ca -config openssl.my.cnf -revoke certs/server.crt
openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl
The file myca.crl will be updated in Tomcat's connector tag, which looks like this:
<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443"
SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="one.mamoi.semdev.com.pkcs12" keystoreType="PKCS12"
keystorePass="changeit"
truststoreFile="server.truststore" truststorePass="changeit"
truststoreType="JKS" crlFile="/home/ubuntu/myCA/crl/myca.crl" />
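
The following is an added example, not part of the original answer: a check that a generated CRL is signed by the trusted CA, is still valid, and really lists the revoked certificate before crlFile is pointed at it. The throwaway CA, all paths and the function names make_demo_ca and crl_status are constructed for the demo; it assumes bash, mktemp and the openssl command line tool.

```bash
# Added example (not from the answer); every name and path is constructed.
# make_demo_ca DIR: throwaway CA that issues two certs, then revokes one and
# writes the CRL with the same two "openssl ca" commands the answer uses.
make_demo_ca() {
  local d=$1 cnf=$1/openssl.my.cnf n
  mkdir -p "$d/certs" "$d/crl" "$d/newcerts"
  : > "$d/index.txt"; echo 01 > "$d/serial"
  cat > "$cnf" <<EOF
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -config "$cnf" -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
    -days 30 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for n in revoked good; do
    openssl req -config "$cnf" -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl ca -batch -config "$cnf" -in "$d/$n.csr" -out "$d/certs/$n.crt" 2>/dev/null
  done
  openssl ca -config "$cnf" -revoke "$d/certs/revoked.crt" 2>/dev/null
  openssl ca -config "$cnf" -gencrl -out "$d/crl/myca.crl" 2>/dev/null
}
# crl_status CRL CA_CERT CERT: prints revoked, good or crl-problem.
crl_status() {
  case $(openssl verify -crl_check -CAfile "$2" -CRLfile "$1" "$3" 2>&1) in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*) echo good ;;
    *) echo crl-problem ;;  # CRL missing, expired or not signed by this CA
  esac
}
d=$(mktemp -d) && make_demo_ca "$d"
for n in revoked good; do echo "$n: $(crl_status "$d/crl/myca.crl" "$d/ca.crt" "$d/certs/$n.crt")"; done
```

A crl-problem result for your own CA certificate and CRL means the file should be regenerated before the connector is pointed at it.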