Hi Fernando,
glassfish_at_javadesktop.org wrote:
>Last week I found out that glassfish v2 b44 has CRL support, which our organization needs. They want us to implement OCSP, but CRL would do for now.
>
>Does anyone have an idea on how to enable CRL on glassfish? I believe some properties need to be added like for example "crlFile" and maybe some others. A this point I haven't seen any documentation on how to enable it. I looked at the source code changes they were only 2 files (JSSE changes).
>
>
You enable CRL checking by specifying the location of the CRL file as a
property of the
security enabled <http-listener>.
(Unfortunately, the <ssl> element, which would have been more
appropriate for this,
does not support any properties.)
I just realized that the fix for
https://glassfish.dev.java.net/issues/show_bug.cgi?id=2188
("CRL support needed")
has been incomplete, in that it does not let you specify any CRL file
property.
I will be committing support for this property shortly, and reopen the
bug and
reassign it to docs, so the new property will be properly documented.
Thanks,
Jan