Check X509 certificate revocation status in Spring-Security before authenticating

  • Check X509 certificate revocation status in Spring-Security before authenticating

    Is it possible to check the revocation status of an X509 client certificate through the CRL in spring-security before authenticating it? I've checked the documentation (http://static.springsource.org/sprin...ence/x509.html) but it doesn't mention anything about CRL.

    Implementing UserService only gives you the username and not the X509Certificate. Any help would be appreciated!

    Thanks!

  • #2
    No, there's no functionality for checking CRLs. The SSL handshake is performed by the servlet container, so that is most likely where any CRL checking ought to occur. Spring Security's X.509 authentication assumes that the certificate is valid from an SSL perspective and only attempts to translate the data into a valid user identity in the local system.
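
One way to run the CRL check in application code with the JDK's PKIX validator, as an added example that is not part of either post above and is not Spring Security code. The class name `CrlCheck` and the three file arguments are assumptions; in a servlet container the chain would instead come from the `javax.servlet.request.X509Certificate` request attribute.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.*;
import java.util.*;

public class CrlCheck {  // hypothetical class name

    // Reads every certificate (PEM or DER) contained in a file.
    static List<X509Certificate> loadCerts(String file) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                out.add((X509Certificate) c);
            }
        }
        return out;
    }

    // chain: client certificate first, then intermediates, trust anchor itself excluded.
    // Throws CertPathValidatorException if the chain does not lead to a trusted CA,
    // if a certificate is listed in a CRL, or if no supplied CRL covers an issuer
    // (revocation status unknown, so the check fails closed).
    static void validate(List<X509Certificate> chain, List<X509Certificate> cas,
                         Collection<? extends CRL> crls) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate ca : cas) anchors.add(new TrustAnchor(ca, null));

        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(true);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));

        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Usage: java CrlCheck <client-chain file> <CA certs file> <CRL file>
    public static void main(String[] args) throws Exception {
        Collection<? extends CRL> crls;
        try (InputStream in = Files.newInputStream(Paths.get(args[2]))) {
            crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
        }
        try {
            validate(loadCerts(args[0]), loadCerts(args[1]), crls);
            System.out.println("chain valid and not revoked");
        } catch (CertPathValidatorException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```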
