Certificate validation against CRL on Java EE - common scenario, experience?

 
Ranch Hand
Posts: 65
Java EE application, authentication using certificates.

How to handle revoked certificates?

Java out of the box supports CRL (Certificate Revocation List), and it all works fine when I test it against a static CRL file.

What is the most common scenario for maintenance of the CRL and validation of certificates in a real-life Java EE application, when the application is in a cluster?

Authentication with certificates does not make any sense if there is no validation against OCSP or CRL. So, even the simplest scenario should include a check of whether the certificate is revoked.

But yet, I could not find any developer experience on this, on the Web or in books. OCSP and dynamic CRL might work just fine, but there should be a reliable alternative in case revocation status cannot be obtained dynamically, some kind of locally stored copy of the CRL.

1) How often to update the CRL, without affecting system performance (using some kind of cron job)?
2) Where to store it?
The easiest solution would be storing the CRL on the file system, but I don't like Java EE applications writing to the file system. Moreover, a clustered environment would introduce additional issues.

Alternatively, this could be stored in a DB, but it introduces complexity, and possibly affects performance in a multi-user environment.

Is there anyone with a system using certificate authentication in a Java EE application, with validation against OCSP/CRL, with experience to share?

Thanks.

 
Greenhorn
Posts: 2
Hello Dear,
I need a program which checks the validity of a certificate by checking the CRL. I am new to Java, so if you can help me in this regard, I will be thankful to you.

Thanks
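
An added example, not code from either poster: a minimal check of a client certificate against a locally cached CRL using the JDK's PKIX validator, which is the "locally stored copy" case from the first post and the program asked for in the second. Assumptions: Java 9+, the CA is the direct issuer of the client certificate and signs its own CRL, and the class name `CrlCheck` and the file names are placeholders; how the CRL bytes are stored and refreshed (file, database, cron job) is left open.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.*;
import java.util.*;

public class CrlCheck {
    // Validates `client` against trust anchor `ca`, using only the supplied CRL.
    static String check(X509Certificate ca, X509Certificate client, X509CRL crl)
            throws Exception {
        // Refuse a cached CRL that is past nextUpdate or not signed by the CA.
        Date next = crl.getNextUpdate();
        if (next == null || next.before(new Date()))
            return "rejected: cached CRL is stale (nextUpdate=" + next + ")";
        crl.verify(ca.getPublicKey());
        PKIXParameters params = new PKIXParameters(Set.of(new TrustAnchor(ca, null)));
        // Hand the local CRL copy to the validator through an in-memory CertStore.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(List.of(crl))));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker rc =
                (PKIXRevocationChecker) validator.getRevocationChecker();
        // CRL only, no OCSP fallback; SOFT_FAIL is left out, so a certificate
        // whose status cannot be determined is rejected (fail closed).
        rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS,
                                 PKIXRevocationChecker.Option.NO_FALLBACK));
        params.addCertPathChecker(rc);
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(List.of(client));
        try {
            validator.validate(path, params);
            return "accepted: chain valid, certificate not on the CRL";
        } catch (CertPathValidatorException e) {
            return "rejected: " + e.getReason() + " (" + e.getMessage() + ")";
        }
    }

    // Usage (file names are placeholders): java CrlCheck ca.pem client.pem ca.crl
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream a = Files.newInputStream(Paths.get(args[0]));
             InputStream c = Files.newInputStream(Paths.get(args[1]));
             InputStream r = Files.newInputStream(Paths.get(args[2]))) {
            System.out.println(check((X509Certificate) cf.generateCertificate(a),
                    (X509Certificate) cf.generateCertificate(c),
                    (X509CRL) cf.generateCRL(r)));
        }
    }
}
```

A revoked certificate is reported with reason `REVOKED`; a certificate for which no usable CRL was supplied is reported with `UNDETERMINED_REVOCATION_STATUS`.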
 