We have a distributed jms application that runs with spring-boot on oracle-linux machines. For security considerations we need to sign and verify messages. We did do it by using camel-xmlsecurity with a self-signed certificate but security rules force us to use a CA, instead. So we need to provide Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) for the application.

It looks like CRL and OCSP support are provided usually by a third-party application like Microsoft Exchange Server in Windows and openssl in Linux, but I guess it should be possible in java native code level or probably by camel.

Where and how I can implement CRL and OCSP?

0 Answers