I read that starting with version 5.5.12 there's an aditional tomcat ssl connector paramater called "crlFile" that enables tomcat to handle CRLs. It has to be compiled with jdk 1.5 though. Has JBoss already incorporated this behaviour ?
5.5.12+ will be the version in 4.0.4 when its released. You can try upgrading the jbossweb-tomcat55.sar to see if it works. Generally the tomcat jars can be updated this way if the minor version is the same.