Re: Certficate verification - Websphere

This is a discussion on Re: Certficate verification - Websphere ; > WAS does NOT check do CRL checking prior to version 6.1. In 6.1 this is an > optional feature - not on by default. I suppose it's the following you mean to refer to ? " (...) default PKIXParameters ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Certficate verification

  1. Re: Certficate verification

    > WAS does NOT check do CRL checking prior to version 6.1. In 6.1 this is an
    > optional feature - not on by default.


    I suppose it's the following you mean to refer to ?

    "
    (...) default PKIXParameters are used with the exception that revocation
    checking is disabled. It can be enabled by setting the system property
    com.ibm.net.ssl.checkRevocation to true. Note that this setting requires
    that the CertPath implementation can locate revocation information by
    itself. The PKIX implementation in the IBM provider can do this in many
    cases but requires that the system property com.ibm.security.enableCRLDP be
    set to true.
    "
    http://www-128.ibm.com/developerwork...2RefGuide.html


  2. Re: Certficate verification

    Ben_ wrote:
    >> WAS does NOT check do CRL checking prior to version 6.1. In 6.1 this
    >> is an optional feature - not on by default.

    >
    > I suppose it's the following you mean to refer to ?
    >
    > "
    > (...) default PKIXParameters are used with the exception that revocation
    > checking is disabled. It can be enabled by setting the system property
    > com.ibm.net.ssl.checkRevocation to true. Note that this setting requires
    > that the CertPath implementation can locate revocation information by
    > itself. The PKIX implementation in the IBM provider can do this in many
    > cases but requires that the system property com.ibm.security.enableCRLDP
    > be set to true.
    > "
    > http://www-128.ibm.com/developerwork...2RefGuide.html
    >
    >


    Yes

+ Reply to Thread