[jboss-jira] [JBoss JIRA] (WFWIP-161) OCSP configuration does not work
Martin Mazanek (Jira)
issues at jboss.org
Thu May 9 18:39:00 EDT 2019
[ https://issues.jboss.org/browse/WFWIP-161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13731691#comment-13731691 ]
Martin Mazanek commented on WFWIP-161:
--------------------------------------
You didn't actually set the trust-manager to use OCSP. Try this:
{code}
/subsystem=elytron/trust-manager=oscpTM:add(key-store=ocspKS, ocsp={})
{code}
> OCSP configuration does not work
> --------------------------------
>
> Key: WFWIP-161
> URL: https://issues.jboss.org/browse/WFWIP-161
> Project: WildFly WIP
> Issue Type: Bug
> Components: Security
> Environment: WildFly built with following branches in use:
> {code}
> https://github.com/nekdozjam/wildfly-elytron/tree/ELY-1617
> https://github.com/nekdozjam/wildfly-core/tree/WFCORE-3947
> {code}
> Reporter: Jan Stourac
> Assignee: Martin Mazanek
> Priority: Major
>
> I tried to configure OCSP support in the WildFly trust-manager, although it looks like I am not able to configure it properly. After all my steps (see the 'steps to reproduce' section), my WildFly server accepts clients with both valid and revoked certificates, although the expected behavior is to accept only the one with the valid certificate.
> Looking in the OCSP responder log (OpenSSL used for this), it looks like there is not even a request to it. I also checked Wireshark, with the same result - no request to the OCSP responder on my machine.
> As such, there is probably some problem in the implementation, or my actual configuration is buggy. Could you please check and give some advice?
--
This message was sent by Atlassian Jira
(v7.12.1#712002)