I have implemented Client Authentication to my Tomcat Server. I have distributed client X509

Question

0

Asked: June 3, 20262026-06-03T09:49:00+00:00 2026-06-03T09:49:00+00:00

I have implemented Client Authentication to my Tomcat Server. I have distributed client X509

0

I have implemented Client Authentication to my Tomcat Server. I have distributed client X509 certificates and JKS which were generated using my own CA crt and openSSL. Now i want to use CRL to block some of my clients. How to add a CRL to tomcat?…I dont find any help from Google on this.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-03T09:49:01+00:00

Am answering my own question. In Tomcat Connector tag you have crlFile parameter which can be generated using openssl. The commands looks some thing like this:

openssl ca -config openssl.my.cnf -revoke certs/server.crt
openssl ca -config openssl.my.cnf -gencrl -out crl/myca.crl

And the file myca.crl is to be updated in Connector tag of Tomcat which looks something like this:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="true"
           sslProtocol="TLS"
           keystoreFile="one.mamoi.semdev.com.pkcs12"
           keystoreType="PKCS12"
           keystorePass="changeit"
           truststoreFile="server.truststore"
           truststorePass="changeit"
           truststoreType="JKS"
           crlFile="/home/ubuntu/myCA/crl/myca.crl"/>

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have implemented Client Authentication to my Tomcat Server. I have distributed client X509

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply