I have implemented Client Authentication in Tomcat6. I wanted to add CRL file to the server. How to do the same?
i had same problem. i asked same question as well. Refer this link:
Certificate Revocation List in Tomcat6
Anyways in tomcat Connector tag you have crlFile parameter which can be generated using openssl. The commands looks some thing like this
openssl ca -config openssl.my.cnf -revoke certs/server.crt
openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl
And the file myca.crl is to be updated in Connector tag of Tomcat which looks something like this:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="true"
sslProtocol="TLS"
keystoreFile="one.mamoi.semdev.com.pkcs12"
keystoreType="PKCS12"
keystorePass="changeit"
truststoreFile="server.truststore"
truststorePass="changeit"
truststoreType="JKS"
crlFile="/home/ubuntu/myCA/crl/myca.crl"/>