How to enable CRL check for Tibco BE applications

How to enable CRL check for Tibco BE applications

book

Article ID: KB0071644

calendar_today

Updated On:

Products Versions
TIBCO BusinessEvents Enterprise Edition 6.X

Description

Details for Enabling the CRL (Certificate Revocation Lists) check in TIBCO BE

Environment

All Operating systems

Resolution

Java provides couple of properties to enable CRL check. To Enable the CRL check for BE applications, please add the below system properties in be-engine.tra file :-

java.property.com.sun.net.ssl.checkRevocation=true
java.property.com.sun.security.enableCRLDP=true

When you start the Application, You can see the below entries related to CRL in Application log:-

certpath: RevocationChecker.check: checking cert
  SN:     39252e20 e18cd90c 0a000000 00e8323f
  Subject: CN=*.abc.com
  Issuer: CN=ABC, O=ABC LLC, C=US
certpath: RevocationChecker.checkCRLs() ---checking revocation status ...
certpath: RevocationChecker.checkCRLs() possible crls.size() = 0
certpath: RevocationChecker.checkCRLs() approved crls.size() = 0
certpath: DistributionPointFetcher.getCRLs: Checking CRLDPs for CN=*.ABC.com
certpath: Trying to fetch CRL from DP http://crls.pki.abc/abc/fVJxbV-Ktmk.crl
certpath: CertStore URI:http://crls.pki.abc/abc/fVJxbV-Ktmk.crl
certpath: Downloading new CRL...
certpath: DistributionPointFetcher.verifyCRL: checking revocation status for



 

Issue/Introduction

How to enable CRL (Certificate Revocation Lists) in TIBCO BE applications
Powered by Wolken Software