users@glassfish.java.net

Re: Setting a Certificate Revocation List

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 09 Dec 2008 23:04:24 +0530

glassfish_at_javadesktop.org wrote:

>Thanks for the clarity. Basically, what you tell me is that, in order to make checking a CRL work, I have to make sure the certificates include a CRLDistributionPoints extension, and if I put the CRL file in that location so it can be downloaded, it works.
>
>Well, I can live with that, so I'm going to try it. Using a file is not that good anyway. Just one question: is the CRL cached or retrieved each time a certificate is checked?
>
>
As you know, CRL caching is not a good idea as much as a static crlFile.
The runtime would then need to deal with making sure it periodically
updates its CRL, but I guess that would also not be foolproof, IMO.
I am actually not aware how JSSE handles it. You may want to pose a
question on this in the Java SE forums. You may want to consider using
OCSP otherwise.

regards,
kumar

>Thanks
>
>Johan
>[Message sent by forum member 'jcstover' (jcstover)]
>
>http://forums.java.net/jive/thread.jspa?messageID=320800
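An added example, not from the thread and not GlassFish's own code: one way to build a plain JSSE `SSLContext` (Java 8 or later) that checks revocation through the CRLDistributionPoints extension discussed above, with OCSP as the fallback. The class name, `truststorePath` and `password` are assumptions for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class RevocationCheckingContext {

    // truststorePath and password are placeholders supplied by the caller.
    public static SSLContext build(String truststorePath, char[] password) throws Exception {
        // Sun/Oracle provider property that permits downloading CRLs from the
        // URL in a certificate's CRLDistributionPoints extension. Set it early,
        // before any certificate validation runs.
        System.setProperty("com.sun.security.enableCRLDP", "true");

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(truststorePath))) {
            trustStore.load(in, password);
        }

        // Revocation checker supplied by the PKIX provider.
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker checker = (PKIXRevocationChecker) cpb.getRevocationChecker();
        // The default order is OCSP first with CRLs as fallback; PREFER_CRLS
        // reverses it. SOFT_FAIL is deliberately not set, so an unreachable CRL
        // or OCSP responder fails the handshake instead of passing silently.
        checker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS));

        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        params.setRevocationEnabled(true);
        params.addCertPathChecker(checker);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```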