Configure Jetty to support OCSP and CRL lists

Configure Jetty to support OCSP and CRL lists

Oluf Færø

The Jetty documentation contains a section on “Configuring the Jetty SslContextFactory”.

Three of the bullet points in the documentation (https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#configuring-sslcontextfactory) say that the SslContextFactory is responsible for

  • Certificate Revocation Lists and Distribution Points (CRLDP)
  • OCSP Support
  • Client Authentication Support

I have the Client Authentication Support working. But how do I configure the support for Certificate Revocation Lists and OCSP? I need to have this configured to check if the client certificates have been revoked.

There is nothing mentioned in the documentation, as far as I can see.

The javadoc (https://www.eclipse.org/jetty/javadoc/9.4.7.v20170914/org/eclipse/jetty/util/ssl/SslContextFactory.html#) mentions a couple of CRL and OCSP methods.

But where can I read more on how this should be configured?

Or if somebody could describe a working configuration?

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Re: Configure Jetty to support OCSP and CRL lists

Simone Bordet-3
Hi,

On Mon, Jan 8, 2018 at 5:57 PM, Oluf Færø <[hidden email]> wrote:

> The Jetty documentation contains a section on “Configuring the Jetty
> SslContextFactory”.
>
> Three of the bullet points in the documentation
> (https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#configuring-sslcontextfactory)
> say that the SslContextFactory is responsible for
>
>   • Certificate Revocation Lists and Distribution Points (CRLDP)
>   • OCSP Support
>   • Client Authentication Support
>
> I have the Client Authentication Support working. But how do I configure the
> support for Certificate Revocation Lists and OCSP? I need to have this
> configured to check if the client certificates have been revoked.
>
> There is nothing mentioned in the documentation, as far as I can see.
>
> The javadoc
> (https://www.eclipse.org/jetty/javadoc/9.4.7.v20170914/org/eclipse/jetty/util/ssl/SslContextFactory.html#)
> mentions a couple of CRL and OCSP methods.
>
> But where can I read more on how this should be configured?
>
> Or if somebody could describe a working configuration?

SslContextFactory, for CRL and OCSP, just forwards the information to
the relevant JDK classes, so it should be enough for you to configure
CRL and OCSP in SslContextFactory.
Have you done it already?

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
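
An added example, not part of the original thread and not the Jetty project's own code: an embedded Jetty 9.4.x server that requires client certificates and turns on the CRL and OCSP setters listed in the SslContextFactory javadoc linked above. All file paths, passwords, the port and the responder URL are placeholders.

```java
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class RevocationCheckingServer {
    public static void main(String[] args) throws Exception {
        SslContextFactory ssl = new SslContextFactory();

        // Server key material and the CAs trusted to issue client certificates.
        // Placeholder paths and passwords.
        ssl.setKeyStorePath("/path/to/keystore.jks");
        ssl.setKeyStorePassword("keystore-password-placeholder");
        ssl.setTrustStorePath("/path/to/truststore.jks");
        ssl.setTrustStorePassword("truststore-password-placeholder");

        // Require a client certificate and validate its chain at handshake time.
        // Peer-certificate validation is what makes the trust manager use the
        // revocation settings below.
        ssl.setNeedClientAuth(true);
        ssl.setValidatePeerCerts(true);

        // Revocation sources; use whichever ones the issuing CA actually provides.
        ssl.setCrlPath("/path/to/issuing-ca.crl");  // CRL file loaded from local disk
        ssl.setEnableCRLDP(true);                   // fetch CRLs named in the cert's CRLDP extension
        ssl.setEnableOCSP(true);                    // query the OCSP responder named in the cert
        // Optional: a fixed responder for certs without an AIA extension (placeholder URL).
        ssl.setOcspResponderURL("http://ocsp.example.invalid/");

        // Jetty hands these values to the JDK PKIX validator. The JDK switches for
        // CRLDP and OCSP (com.sun.security.enableCRLDP, ocsp.enable) are JVM-wide,
        // so they also affect other PKIX validation in the same process.

        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer());

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(https));
        connector.setPort(8443);
        server.addConnector(connector);
        server.start();
        server.join();
    }
}
```

To confirm the check is live, connect once with a valid client certificate and once with one that appears on the CRL; the second handshake should fail.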