How to enable CRL check for Tibco BE applications
book
Article ID: KB0071644
calendar_today
Updated On:
TIBCO BusinessEvents Enterprise Edition
6.X
Show More
Show Less
Description
Details for Enabling the CRL (Certificate Revocation Lists) check in TIBCO BE
Environment
All Operating systems
Resolution
Java provides couple of properties to enable CRL check. To Enable the CRL check for BE applications, please add the below system properties in be-engine.tra file :- java.property.com.sun.net.ssl.checkRevocation=true java.property.com.sun.security.enableCRLDP=true When you start the Application, You can see the below entries related to CRL in Application log:- certpath: RevocationChecker.check: checking cert SN: 39252e20 e18cd90c 0a000000 00e8323f Subject: CN=*.abc.com Issuer: CN=ABC, O=ABC LLC, C=US certpath: RevocationChecker.checkCRLs() ---checking revocation status ... certpath: RevocationChecker.checkCRLs() possible crls.size() = 0 certpath: RevocationChecker.checkCRLs() approved crls.size() = 0 certpath: DistributionPointFetcher.getCRLs: Checking CRLDPs for CN=*.ABC.com certpath: Trying to fetch CRL from DP http://crls.pki.abc/abc/fVJxbV-Ktmk.crl certpath: CertStore URI:http://crls.pki.abc/abc/fVJxbV-Ktmk.crl certpath: Downloading new CRL... certpath: DistributionPointFetcher.verifyCRL: checking revocation status for
Issue/Introduction
How to enable CRL (Certificate Revocation Lists) in TIBCO BE applications
Feedback
thumb_up
Yes
thumb_down
No