Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Configure Jetty to support OCSP and CRL lists

The Jetty documentation contains a section on “Configuring the Jetty SslContextFactory”.

 

Three of the bullet points in the documentation (https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#configuring-sslcontextfactory) say that the SslContextFactory is responsible for

  • Certificate Revocation Lists and Distribution Points (CRLDP)
  • OCSP Support
  • Client Authentication Support

I have the Client Authentication Support working. But how do I configure the support for Certificate Revocation Lists and OCSP ?  I need to have this configured to check if the client certificates have been revoked.

 

There is nothing mention in the documentation, as far as I can see.

 

The javadoc (https://www.eclipse.org/jetty/javadoc/9.4.7.v20170914/org/eclipse/jetty/util/ssl/SslContextFactory.html#) mentions a couple of CRL and OCSP methods.

 

But where can I read more on how this should be configured ?

 

Or if somebody could describe a working configuration ?

 

Back to the top