Using CRL in Springboot

Asked Feb 09 '21 at 17:06

Active Feb 09 '21 at 17:06

Viewed 473 times

I'am trying to set up a secure REST server with SpringBoot. (2.4.2) I am using:

server.ssl.enabled=true
server.ssl.client-auth=need

And I managed to use CRL by using a ConfigurableServletWebServerFactory in my AppConfiguration:

@Bean
  ConfigurableServletWebServerFactory webServletFactoyry() {

    TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();

    factory.addConnectorCustomizers(
      new TomcatConnectorCustomizer[] {new TomcatConnectorCustomizer() {
        @Override
        public void customize(Connector connector) {
          Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
          protocol.setCrlFile(my_crl_file);
        }
      }});
    return factory;
  }

My questions are:

How to pass more than one CRL ? ( I need one CRL for each CA in my certification chain)
How to use CRL deltas?
Can SpringBoot hot reload my CRL files ? ( changing CRLs without restarting server)
If not, what can I do ?

Thanks a lot.

asked Feb 09 '21 at 17:06

user3168726

Using CRL in Springboot

0 Answers0