I'm trying to understand when a CRL list gets read by Apache. I have
cases of it being read when a new CRL is placed in the directory and
the "make" is run, and cases when it does not get read under identical
circumstances.
The only reliable way that I have to make sure that the CRL gets
updated is by restarting the server.
Is this supposed to be the case? I'm confused that it works sometimes
and doesn't work on others.
Right now, I'm running 1.3.19 with mod_ssl 2.8.1 (yes, I know that they
are old, but I am not able to update them for support reasons...). We
have the SSLCARevocationPath directive set to the proper location, and
a script that downloads a new CRL every evening and runs the make. The
script does not kick the server. Our CRLs expire in seven days, but
get published every evening.
Should I just stop worrying and learn to love restarting Apache?
Thanks,
r.
--
Roberto Hoyle
PKI Lab Programmer
Dartmouth College
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]