Hello Ron,

As far as I know, there is no way to "learn" the new CRL file without making an Apache stop and start. But you should be able to make a RELOAD only. I used it in my Apache on Unix and it works quite well.

Maybe in the future Apache-ModSSL will support OCSP and it will solve this "problem".

Sylvain

--------------------------------------------------------------------------------------------------------
Sylvain Maret
Senior Security Engineer - Strategic Director
e-Xpert Solutions SA
Route de Pré-Marais 29
1233 Bernex / Geneva
Switzerland

Tel: +41 22 727 05 55
Fax: +41 22 727 05 50
Mail: [EMAIL PROTECTED]



Ron Ridley <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

09.08.2001 03:16
Please respond to modssl-users

       
        To:        [EMAIL PROTECTED]
        cc:        
        Subject:        CRL questions



Background:
I have a win32 installation of apache 1.3.12 w/ mod_ssl 2.6.1 running on a NT4
server.  I am using W2K CA to handle client certs.  This setup is special b/c apache
runs as a part of the firewall service (Raptor 6.5) to enable secure access to a web
based auth page.

Problem:
Users can connect to the site fine with their certs, however, problems exist
setting up a CRL.  I want to update the CRL every couple of days, yet it requires
a restart of apache to re-read the CRL.  My problem lies in that this also requires
a restart of the firewall.  

Question:
Can someone verify my findings into the fact that apache must be restarted to
load the updated CRL?  If this is the case then are there plans to allow
updating/reloading of the CRL without reloading apache (e.g. CRL expiration period)?

Thanks in advance.
Ron
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
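
The periodic CRL update discussed in this thread, as an added example that is not part of the original mails: a shell function that checks a newly fetched CRL, swaps it in atomically and reloads Apache only when the list changed. The file arguments, the CA certificate, the PEM input format and `apachectl graceful` as the reload command are assumptions.

```shell
#!/bin/sh
# Added example: install a freshly fetched CRL and reload Apache only when needed.
# Assumptions (not from the thread): the file paths passed in, a PEM-encoded CRL,
# and "apachectl graceful" as the reload; override RELOAD_CMD for your platform.
# A CA that publishes DER can be converted first:
#   openssl crl -inform DER -in ca.crl -out ca-crl.pem
RELOAD_CMD=${RELOAD_CMD:-"apachectl graceful"}

# refresh_crl NEW_CRL LIVE_CRL CA_CERT
#   LIVE_CRL is the file named by SSLCARevocationFile.
#   returns 0 = installed and reloaded, 1 = rejected or failed, 2 = unchanged
refresh_crl() {
    new=$1; live=$2; ca=$3

    # Nothing to do if the CA has not published a new list: skip the reload.
    if [ -f "$live" ] && cmp -s "$new" "$live"; then
        return 2
    fi

    # The file must parse as a CRL and carry a valid signature from our CA.
    # Older openssl builds exit 0 on a bad signature, so match the message.
    if ! openssl crl -in "$new" -CAfile "$ca" -noout 2>&1 | grep -q "verify OK"; then
        echo "rejected $new: not a CRL signed by $ca" >&2
        return 1
    fi

    # Copy next to the live file, then rename, so a reload never reads a
    # half-written CRL.
    tmp="$live.tmp.$$"
    cp "$new" "$tmp" && mv "$tmp" "$live" || { rm -f "$tmp"; return 1; }

    # The server reads the CRL only when it (re)starts, so reload it now.
    $RELOAD_CMD || { echo "reload failed: old CRL still in use" >&2; return 1; }
    return 0
}
```

Run from cron at the CA's publication interval, a return of 2 means no reload was triggered; a return of 1 should be alerted on, since the server keeps enforcing the old revocation list.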



