
How to add CRL file for Client-Authentication in Tomcat?

I have implemented client authentication in Tomcat 6. I wanted to add a CRL file to the server. How can I do this?

I had the same problem. I asked the same question as well. Refer to this link:

Certificate Revocation List in Tomcat6

Anyway, in the Tomcat Connector tag you have the crlFile parameter, which can be generated using openssl. The commands look something like this:

openssl ca -config openssl.my.cnf -revoke certs/server.crt
openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl

And the file myca.crl is to be updated in the Connector tag of Tomcat, which looks something like this:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="true"
           sslProtocol="TLS"
           keystoreFile="one.mamoi.semdev.com.pkcs12"
           keystoreType="PKCS12"
           keystorePass="changeit"
           truststoreFile="server.truststore"
           truststorePass="changeit"
           truststoreType="JKS"
           crlFile="/home/ubuntu/myCA/crl/myca.crl"/>
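
To confirm that a regenerated CRL really rejects a revoked client certificate before crlFile is pointed at it, the following added example (not part of the original answer) builds a throwaway CA in a temp directory, runs the answer's two openssl ca commands, and checks the certificate before and after. The contents of openssl.my.cnf, the subjects and the client file names are constructed assumptions.

```shell
#!/bin/sh
# Added example. Throwaway CA in a temp dir; config, subjects and file names are constructed.
crl_demo() (
  d=$(mktemp -d) || exit 2
  trap 'rm -rf "$d"' EXIT
  cd "$d" || exit 2
  mkdir certs crl newcerts && : > index.txt && echo 01 > serial
  cat > openssl.my.cnf <<'EOF'
[ ca ]
default_ca = myca
[ myca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  q() { "$@" >/dev/null 2>&1; }
  check() {  # prints valid, revoked, or error for the client cert against the current CRL
    out=$(openssl verify -crl_check -CAfile ca.crt -CRLfile crl/myca.crl certs/client.crt 2>&1) && { echo valid; return; }
    case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
  }
  q openssl req -config openssl.my.cnf -x509 -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.crt -subj "/CN=Demo CA" -days 30 || exit 2
  q openssl req -config openssl.my.cnf -newkey rsa:2048 -nodes \
      -keyout client.key -out client.csr -subj "/CN=demo-client" || exit 2
  q openssl ca -config openssl.my.cnf -batch -notext -in client.csr -out certs/client.crt || exit 2
  q openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl || exit 2
  before=$(check)
  # The two commands from the answer: revoke, then regenerate the CRL.
  q openssl ca -config openssl.my.cnf -revoke certs/client.crt || exit 2
  q openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl || exit 2
  echo "$before $(check)"
)
crl_demo
```

Running `openssl crl -in crl/myca.crl -noout -nextupdate` on the real file shows when the CRL referenced by crlFile expires and has to be regenerated.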
