Hello! On Mon, Dec 15, 2014 at 02:48:03PM -0500, sandeepkolla99 wrote:
> Hi, > I want to check the validity of a client certificate against CRL. So, I > have defined in nginx.cong as follows > > listen 80; > listen 443 ssl; > server_name localhost; > ssl_certificate serverCert.pem; > ssl_certificate_key serverKey.key; > ssl_client_certificate RootCA.pem; > ssl_verify_client on; > ssl_verify_depth 2; > ssl_crl CrlFile.pem; > > If I write my nginx.conf as follows, It works fine. My application is > expected to process a huge number of requests everyday and for each > time(request) client certificate validity is checked against CrlFile.pem > (specified at ssl_crl). 1. Does it effect servers response time because > each time it has to open and read CrlFile.pem?. No. The CRL file is loaded into memory when loading a configuration. > My CrlFile.pem will be updated once a day as per my requirement. So, > 2. Is there any caching mechanism performed by Nginx to cache CrlFile.pem > because It has a new copy only once a day?. See above. For changes to be applied, you'll have to reload nginx configuration. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
