users@glassfish.java.net

Re: Certificate Revocation List (CRL) use in GlassFish v3

From: <glassfish_at_javadesktop.org>
Date: Thu, 07 Oct 2010 11:43:59 PDT

> I'm using the following in my domain.xml
>
> <ssl key-store="${com.sun.aas.instanceRoot}/config/keystore.jks" trust-store="${com.sun.aas.instanceRoot}/config/cacerts.jks" cert-nickname="alias" trust-algorithm="PKIX" client-auth-enabled="true" crl-file="${com.sun.aas.instanceRoot}/config/crl.pem" />

Found my own solution. The CRL needs to be in DER format. PEM format would not work and threw the error. After converting the CRL to DER format, I'm now using the following.

<ssl key-store="${com.sun.aas.instanceRoot}/config/keystore.jks" trust-store="${com.sun.aas.instanceRoot}/config/cacerts.jks" cert-nickname="alias" trust-algorithm="PKIX" client-auth-enabled="true" crl-file="${com.sun.aas.instanceRoot}/config/crl.der" />
 
Good Luck, Eric.
[Message sent by forum member 'eliscinsky']

http://forums.java.net/jive/thread.jspa?messageID=484567
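
Added example, not part of the original post or of GlassFish: a pre-deployment check that tells a PEM-armored CRL from a DER one and converts PEM to DER, following the poster's report that crl-file must point to a DER file. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed DER SEQUENCE, not a real CRL.

```python
import base64
import re

# PEM armor used for CRLs; the body between the markers is base64 of the DER bytes.
PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", re.DOTALL
)

def der_length_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE whose length field matches."""
    if len(data) < 2 or data[0] != 0x30:      # a CRL is an ASN.1 SEQUENCE
        return False
    first = data[1]
    if first < 0x80:                          # short-form length
        header, body = 2, first
    else:                                     # long form: n length octets follow
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + body         # rejects truncation and trailing data

def crl_format(data: bytes) -> str:
    """Classify file contents as 'PEM', 'DER' or 'unknown'."""
    if PEM_CRL.search(data):
        return "PEM"
    return "DER" if der_length_ok(data) else "unknown"

def crl_to_der(data: bytes) -> bytes:
    """Return DER bytes for a PEM or DER input; raise on anything else."""
    fmt = crl_format(data)
    if fmt == "DER":
        return data
    if fmt == "PEM":
        der = base64.b64decode(PEM_CRL.search(data).group(1))
        if not der_length_ok(der):
            raise ValueError("PEM body is not a well-formed DER SEQUENCE")
        return der
    raise ValueError("not a PEM or DER CRL")

# Constructed sample: SEQUENCE { INTEGER 1 }, structurally DER but not a real CRL.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")

if __name__ == "__main__":
    print(crl_format(SAMPLE_PEM), crl_format(SAMPLE_DER))
    print(crl_to_der(SAMPLE_PEM).hex())
```

The same conversion on the command line is `openssl crl -inform PEM -outform DER -in crl.pem -out crl.der`. The check above only validates the outer DER framing; it does not verify the CRL's signature or contents.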