[jboss-user] [Security & JAAS/JBoss] - JBOSS Support for CRL

mali519 do-not-reply at jboss.com
Wed Jul 23 01:16:24 EDT 2008

We are trying to setup HTTPS for JBOSS version 4.0.5. In this regards we discovered the following limitations in JBOSS

1. JBOSS does not support CRL Distribution point using a HTTP URL. We worked around this issue by manually copying the CRL to a local CRL cache file and pointing crlFile to this local cache.

2. In order for JBOSS to pick up the updated CRL , it requires a restart.

3. The last but annoying aspect is that JBOSS does not accept connections if next update for CRL expired and it has not been able to acquire the CRL update. We plan to publish the CRL's routinely so it is important to pick up the dates. We basically set the next update in the CRL to be a day and noticed that JBOSS does not accept connections anymore if next update time has passed. Not sure why this behavior exists

Can anyone recommend workaroud/resolution/patches for these issues especially #3. Really appreciate all your help


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166062#4166062

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4166062

More information about the jboss-user mailing list