[jboss-user] [Security & JAAS/JBoss] - JBOSS Support for CRL
do-not-reply at jboss.com
Wed Jul 23 01:16:24 EDT 2008
We are trying to setup HTTPS for JBOSS version 4.0.5. In this regards we discovered the following limitations in JBOSS
1. JBOSS does not support CRL Distribution point using a HTTP URL. We worked around this issue by manually copying the CRL to a local CRL cache file and pointing crlFile to this local cache.
2. In order for JBOSS to pick up the updated CRL , it requires a restart.
3. The last but annoying aspect is that JBOSS does not accept connections if next update for CRL expired and it has not been able to acquire the CRL update. We plan to publish the CRL's routinely so it is important to pick up the dates. We basically set the next update in the CRL to be a day and noticed that JBOSS does not accept connections anymore if next update time has passed. Not sure why this behavior exists
Can anyone recommend workaroud/resolution/patches for these issues especially #3. Really appreciate all your help
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166062#4166062
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4166062
More information about the jboss-user