How to enable revocation-list checking in org.switchyard.security.login.CertificateLoginModule
Issue
- Is there a way to ensure that the revocation-list of a certificate gets checked? We use Fuse on EAP 6.3.0. Some use cases need client certificate authentication (two-way-ssl) and therefore the authentication process of our Switchyard applications use the
org.switchyard.security.login.CertificateLoginModule
. It just happened that a certificate of one of our clients is revoked, but theorg.switchyard.security.login.CertificateLoginModule
still accepts that certificate.
Environment
- Red Hat JBoss Fuse
- 6.3.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.