users@glassfish.java.net

Re: Certificate Revocation List (CRL) use in GlassFish v3

From: <glassfish_at_javadesktop.org>
Date: Fri, 08 Oct 2010 05:38:22 PDT

> On 04/10/10 6:19 PM, Kumar.Jayanti wrote:

Kumar,

Thanks for the replies. First note that on 07/10/10 when I re-posted, I had not seen your replies - they were not present, so I thought that there were no replies.

After more and careful reading of various blogs - yours in particular - and the Sun GlassFish Enterprise Server v3 Domain File Format Reference (820-7694), I did find the attribute "crl-file" in the <ssl .... />. The examples show the file name of "crl.pem", which would imply the use of a PEM-encoded file. But alas, and please confirm / correct me, using a PEM-encoded file seems to throw an exception (as noted in my replies in this thread). I tried using a DER-encoded file and to my surprise the exception was no longer thrown. However, I still have an issue. When I present a revoked cert, the CrlRevocationChecker.verifyRevocationStatus CRL entry DOES find the revoked cert, but the process still shows "-checker6 validation succeeded" and the requested page/data is returned. Please advise. Is this a situation that needs to be addressed by application code, or is GlassFish supposed to throw an exception on revoked certs too? Please note that when I use a cert that is expired, GlassFish does throw an exception causing a browser to re-ask for a valid cert. Also of note, the cert path validation is using the "PKIX validation algorithm".

Thanks for your time and help.
Cheers, Eric.
[Message sent by forum member 'eliscinsky']

http://forums.java.net/jive/thread.jspa?messageID=484759
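The post asks whether a revoked client cert has to be rejected by application code. The following stand-alone Java utility is an added example, not code from this thread or from GlassFish: it loads a chain, a trust anchor and a CRL (the JDK's X.509 CertificateFactory accepts both PEM and DER CRLs), reports whether the leaf appears in the CRL, and then runs a PKIX validation with revocation enabled so that a revoked leaf fails with reason REVOKED. The file paths are command-line arguments and are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class CrlCheck {
    // usage: CrlCheck <chain.pem> <trust-anchor.pem> <crl.pem|crl.der>
    // chain.pem holds the leaf first and must NOT include the trust anchor itself.
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CrlCheck <chain.pem> <trust-anchor.pem> <crl.pem|crl.der>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = new ArrayList<>(cf.generateCertificates(in));
        }
        X509Certificate anchor;
        try (InputStream in = new FileInputStream(args[1])) {
            anchor = (X509Certificate) cf.generateCertificate(in);
        }
        X509CRL crl; // generateCRL parses "-----BEGIN X509 CRL-----" PEM as well as raw DER
        try (InputStream in = new FileInputStream(args[2])) {
            crl = (X509CRL) cf.generateCRL(in);
        }
        crl.verify(anchor.getPublicKey()); // refuse a CRL not signed by the CA we trust

        // Direct lookup: this is the "CRL entry found" observation from the post.
        X509Certificate leaf = (X509Certificate) chain.get(0);
        X509CRLEntry entry = crl.getRevokedCertificate(leaf);
        if (entry != null) {
            System.out.println("leaf serial " + leaf.getSerialNumber().toString(16)
                    + " is listed in the CRL, revoked on " + entry.getRevocationDate());
        }

        // Full PKIX path validation with the CRL supplied through a Collection CertStore.
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(anchor, null)));
        params.setRevocationEnabled(true); // the default, set explicitly so it is visible
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl))));
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("chain valid: leaf not revoked");
        } catch (CertPathValidatorException e) {
            // Reason is BasicReason.REVOKED when the leaf's serial appears in the CRL.
            System.out.println("validation failed: " + e.getReason() + " - " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it against the same chain and CRL that the container sees separates "the CRL lists the cert" from "the validator rejects the path", which is the distinction the post is trying to pin down.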