[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] Configure Jetty to support OCSP and CRL lists
|
Hi,
On Mon, Jan 8, 2018 at 5:57 PM, Oluf Færø <ofa@xxxxxxxxxx> wrote:
> The Jetty documentation contains a section on “Configuring the Jetty
> SslContextFactory”.
>
>
>
> Three of the bullet points in the documentation
> (https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#configuring-sslcontextfactory)
> say that the SslContextFactory is responsible for
>
> Certificate Revocation Lists and Distribution Points (CRLDP)
> OCSP Support
> Client Authentication Support
>
> I have the Client Authentication Support working. But how do I configure the
> support for Certificate Revocation Lists and OCSP ? I need to have this
> configured to check if the client certificates have been revoked.
>
>
>
> There is nothing mention in the documentation, as far as I can see.
>
>
>
> The javadoc
> (https://www.eclipse.org/jetty/javadoc/9.4.7.v20170914/org/eclipse/jetty/util/ssl/SslContextFactory.html#)
> mentions a couple of CRL and OCSP methods.
>
>
>
> But where can I read more on how this should be configured ?
>
>
>
> Or if somebody could describe a working configuration ?
SslContextFactory, for CRL and OCSP, just forwards the information to
the relevant JDK classes, so it should be enough for you to configure
CRL and OCSP in SslContextFactory.
Have you done it already ?
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
