Check X509 certificate revocation status in Spring-Security before authenticating

无人共我 2020-12-21 10:29

Is it possible to check the revocation status of an x509 client certificate through the CRL in spring-security before authenticating it? I've checked documentations (http://

2 answers
  •  醉话见心
    2020-12-21 10:56

    I'm not sure about the specifics of Spring-Security, but if it's based on the trustmanagers of the JRE (if it's the Oracle/Sun JRE), you can activate CRL checks by setting these system properties to true: com.sun.net.ssl.checkRevocation and com.sun.security.enableCRLDP, and setting Security.setProperty("ocsp.enable", "true") (thanks to @WillSargent for pointing out it's a Security property, not a system one).

    More details here:

    • http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CERTPATH
    • http://docs.oracle.com/javase/6/docs/technotes/guides/security/certpath/CertPathProgGuide.html#AppC
    • http://blogs.oracle.com/xuelei/entry/enable_ocsp_checking
