sura wrote:
I have developed a web application using JSF with two-way SSL that runs
in Apache. Now I want to validate the revocation status of the client
certificate using OCSP. How can I achieve this online validation
process?
I have designed the system as follows, and I want to know whether this is
a good approach or whether there are better ways to achieve this.
When the client presents his serial, the web application (client) will send
it to the Apache server, where it will create a socket connection with the
OCSP responder. Then a Servlet inside Apache will create an OCSPREq and send
it to the OCSP responder. The responder will process it and send the result
to the Servlet, and based on the result Apache will send a boolean value to
the client.
regards,
Suranjith.
Although I'm not 100% sure that I have understood what exactly you are
doing, you could have a look at this patch:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45392
With this patch, if the certificates have an OCSP field, Tomcat connects
to the OCSP server and validates the certificate, so if there is an
error Tomcat just returns an error to the client, and no further
processing is carried out.
Best regards,
Aristotelis
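
An added example, not code from this thread or from the Tomcat patch: a server-side, fail-closed OCSP check of the client certificate using the JDK's own PKIX revocation checker instead of a hand-built socket and request. The class and method names are hypothetical; it assumes the caller passes the chain the container exposes (for example the `javax.servlet.request.X509Certificate` request attribute), ordered leaf first and without the trust anchor.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.EnumSet;

/** Hypothetical helper: validates a TLS client chain and its OCSP status. */
public final class ClientCertOcspCheck {

    /**
     * Returns true only if the chain validates against trustStore and the
     * revocation check on the client certificate succeeds. A revoked or
     * unknown status, or an unreachable responder, returns false.
     */
    public static boolean isValidAndNotRevoked(X509Certificate[] chain,
                                               KeyStore trustStore)
            throws GeneralSecurityException {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker ocsp =
                (PKIXRevocationChecker) validator.getRevocationChecker();
        // OCSP is preferred by default; NO_FALLBACK stops a silent switch to
        // CRLs, ONLY_END_ENTITY checks just the client certificate.
        // SOFT_FAIL is deliberately not set, so network errors are failures.
        ocsp.setOptions(EnumSet.of(PKIXRevocationChecker.Option.NO_FALLBACK,
                                   PKIXRevocationChecker.Option.ONLY_END_ENTITY));

        // Trust anchors are the CA certificates in trustStore. The responder
        // URL is read from the certificate's Authority Information Access
        // extension unless overridden with ocsp.setOcspResponder(URI).
        PKIXParameters params = new PKIXParameters(trustStore);
        params.addCertPathChecker(ocsp);

        try {
            validator.validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            // Covers bad signature, expiry, revoked, unknown, responder error.
            return false;
        }
    }
}
```

Running the check on the server and rejecting the request there keeps the decision out of the client's hands; the serial number alone is never trusted, because the whole presented chain is validated.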