Java security configuration to look at CRL for revocation checking
Sean Mullan
sean.mullan at oracle.com
Tue Jan 5 18:38:12 UTC 2016
On 01/05/2016 12:28 PM, Seshadri, Usha wrote:
> Hi,
>
> I am using Java 8, and am trying to configure JVM to go to CRL for
> revocation checking. I didn’t see any parameter in java.security to
> enable CRL revocation checking, although there are parameters to
> configure OCSP.
>
> I tried setting these two parameters as JVM options with -D, but they
> don’t seem to take any effect.
>
> deployment.security.validation.crl= true
>
> deployment.security.validation.crl.url=file:///root/xyz/crls/ -> points to
> the CRL directory

These properties are not general JDK system properties. They are
specifically used for revocation checking of certificates used when
running signed applets via Java Plugin or WebStart.

> What configurable property controls the CRL revocation checking? Any
> answer will be greatly appreciated!

It would be helpful to know what security APIs your application is
using, as the JVM itself doesn't perform revocation checking. For
example, if you are using JSSE, then setting the following system
properties may help address your issue:

  com.sun.net.ssl.checkRevocation=true
  com.sun.security.enableCRLDP=true

You can find more information and examples in the JSSE reference guide:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html

Note that this list is not intended to be a general alias for questions
about Java Security, so this question is somewhat off topic. There are
various forums/websites that are probably more appropriate.
Thanks,
Sean
>
> Thanks,
>
> Usha Seshadri
>
> Lockheed Martin, IS&GS
>
> 301-240-7496
>
>
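
The JSSE route described in the reply, as an added example that is not part of the original message or of the JDK documentation. It goes one step beyond the two system properties by loading CRLs from a local directory (the questioner's goal) and attaching an explicit PKIXRevocationChecker restricted to CRLs. The class name, the *.crl file pattern and the command-line arguments (trust store path, password, CRL directory) are assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class CrlCheckingContext {   // hypothetical class name
    // Builds an SSLContext whose trust manager checks peer certificates
    // against CRLs only; validation fails if revocation status is unknown.
    public static SSLContext build(KeyStore trustAnchors, Path crlDir) throws Exception {
        // Load every *.crl file from the local directory (pattern is an assumption).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<CRL> crls = new ArrayList<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(crlDir, "*.crl")) {
            for (Path f : files) {
                try (InputStream in = Files.newInputStream(f)) {
                    crls.addAll(cf.generateCRLs(in));
                }
            }
        }
        PKIXBuilderParameters pkix =
                new PKIXBuilderParameters(trustAnchors, new X509CertSelector());
        pkix.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));

        // Explicit checker: prefer CRLs and never fall back to OCSP.
        // SOFT_FAIL is deliberately not set, so a missing CRL is a hard failure.
        PKIXRevocationChecker rc = (PKIXRevocationChecker)
                CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        rc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS,
                                 PKIXRevocationChecker.Option.NO_FALLBACK));
        pkix.addCertPathChecker(rc);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Optional: also fetch CRLs named in CRL Distribution Points extensions.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, args[1].toCharArray());
        }
        System.out.println("Context ready: " + build(ks, Paths.get(args[2])).getProtocol());
    }
}
```

Sockets created from the returned context reject a handshake when the server certificate appears on a loaded CRL or when no valid CRL covers it.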