Re: CRL questions
Yes, use restart !

---
usage: ./apachectl (start|stop|restart|fullstatus|status|graceful|configtest|help)

start      - start httpd
startssl   - start httpd with SSL enabled
stop       - stop httpd
restart    - restart httpd if running by sending a SIGHUP or start if not running
fullstatus - dump a full status screen; requires lynx and mod_status enabled
status     - dump a short status screen; requires lynx and mod_status enabled
graceful   - do a graceful restart by sending a SIGUSR1 or start if not running
configtest - do a configuration syntax test
help       - this screen

Sylvain Maret
Senior Security Engineer
e-Xpert Solutions SA
Route de Pré-Marais 29
1233 Bernex / Geneva
Switzerland

Tel: +41 22 727 05 55
Fax: +41 22 727 05 50
Mail: [EMAIL PROTECTED]

---
DISCLAIMER
This email and any files transmitted with it, including replies and forwarded copies (which may contain alterations) subsequently transmitted from the Company, are confidential and solely for the use of the intended recipient. It may contain material protected by attorney-client privilege. The contents do not represent the opinion of e-Xpert Solutions SA except to the extent that it relates to their official business.

If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. If you are not the intended recipient, please advise the sender by return e-mail, then delete this message and any attachments.

e-Xpert Solutions SA: [EMAIL PROTECTED]
Re: CRL questions
On Thu, Aug 09, 2001 at 09:59:51AM -0500, Ron Ridley wrote:
> In reference to making Apache reload the CRL are you sending a SIGHUP to do that or
> something else?
>

An apachectl graceful should do the trick (without disturbing operation too much).

vh

Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
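The CRL refresh discussed in this thread, written out as an added example that is not part of any poster's message: it checks a newly fetched CRL against the CA certificate, swaps it in atomically, and only sends the graceful restart suggested above if `apachectl configtest` passes. The paths, the variable names and the `install_crl` function are assumptions for illustration.

```shell
#!/bin/sh
# Added example: validate a freshly fetched CRL, install it atomically, and
# reload Apache with "graceful" so the updated CRL is picked up.
# Assumed paths: point CRL_LIVE at the file named by SSLCARevocationFile and
# CA_CERT at the issuing CA certificate (both PEM).
CRL_LIVE=${CRL_LIVE:-/usr/local/apache/conf/ssl.crl/ca.crl}
CA_CERT=${CA_CERT:-/usr/local/apache/conf/ssl.crt/ca.crt}
APACHECTL=${APACHECTL:-apachectl}

# install_crl NEW_CRL   (e.g. from cron: install_crl /tmp/new.crl)
# Returns 0 = installed and reloaded, 1 = CRL rejected (live file untouched),
#         2 = configtest failed (previous CRL restored, no reload sent).
install_crl() {
    new=$1
    had_prev=no

    # Refuse anything not signed by our CA. "openssl crl -CAfile" reports
    # "verify OK" on stderr; match the text rather than rely on exit status.
    openssl crl -in "$new" -CAfile "$CA_CERT" -noout 2>&1 |
        grep -q 'verify OK' || return 1

    # Keep the current CRL so a failed config test can be rolled back.
    if [ -f "$CRL_LIVE" ]; then
        cp -p "$CRL_LIVE" "$CRL_LIVE.prev" || return 1
        had_prev=yes
    fi

    # Copy next to the live file, then rename, so the server never reads
    # a half-written CRL.
    cp "$new" "$CRL_LIVE.tmp" && mv -f "$CRL_LIVE.tmp" "$CRL_LIVE" || return 1

    # Never signal a running server with a configuration it cannot load.
    if ! "$APACHECTL" configtest; then
        if [ "$had_prev" = yes ]; then
            mv -f "$CRL_LIVE.prev" "$CRL_LIVE"
        else
            rm -f "$CRL_LIVE"
        fi
        return 2
    fi

    "$APACHECTL" graceful
}
```

A CRL exported in DER form has to be converted first, for example with `openssl crl -inform DER -outform PEM`.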
Re: CRL questions
In reference to making Apache reload the CRL are you sending a SIGHUP to do that or something else?

-Ron

On Thu, Aug 09, 2001 at 08:17:36AM +0200, [EMAIL PROTECTED] sent this message:
> Hello Ron,
>
> As I Know there is no way to "learn" the new CRL file without making an
> Apache stop and start. But you should be able to make a RELOAD only. I
> used it in my Apache on Unix and it works quite well.
>
> Maybe in the future Apache-ModSSL will support OCSP and it will solve this
> "problem".
>
> Sylvain
>
> Ron Ridley <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 09.08.2001 03:16
> Please respond to modssl-users
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: CRL questions
>
> Background:
> I have a win32 installation of apache 1.3.12 w/ mod_ssl 2.6.1 running on a NT4
> server. I am using W2K CA to handle client certs. This setup is special b/c apache
> runs as a part of the firewall service (Raptor 6.5) to enable secure
> access to a web based auth page.
>
> Problem:
> Users can connect to the site fine with their certs, however, problems exists
> setting up a CRL. I want to update the CRL every couple of days, yet it requires
> a restart of apache to re-read the CRL. My problem lies in that this also requires
> a restart of the firewall.
>
> Question:
> Can someone verify my findings into the fact that apache must be restarted to
> load the updated CRL? If this is the case then are there plans to allow
> updating/reloading of the CRL without reloading apache (e.g. CRL expiration period)?
>
> Thanks in advance.
> Ron
Re: CRL questions
Hello Ron,

As I Know there is no way to "learn" the new CRL file without making an Apache stop and start. But you should be able to make a RELOAD only. I used it in my Apache on Unix and it works quite well.

Maybe in the future Apache-ModSSL will support OCSP and it will solve this "problem".

Sylvain

Sylvain Maret
Senior Security Engineer - Strategic Director
e-Xpert Solutions SA
Route de Pré-Marais 29
1233 Bernex / Geneva
Switzerland

Tel: +41 22 727 05 55
Fax: +41 22 727 05 50
Mail: [EMAIL PROTECTED]

Ron Ridley <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09.08.2001 03:16
Please respond to modssl-users

To: [EMAIL PROTECTED]
cc:
Subject: CRL questions

Background:
I have a win32 installation of apache 1.3.12 w/ mod_ssl 2.6.1 running on a NT4 server. I am using W2K CA to handle client certs. This setup is special b/c apache runs as a part of the firewall service (Raptor 6.5) to enable secure access to a web based auth page.

Problem:
Users can connect to the site fine with their certs, however, problems exists setting up a CRL. I want to update the CRL every couple of days, yet it requires a restart of apache to re-read the CRL. My problem lies in that this also requires a restart of the firewall.

Question:
Can someone verify my findings into the fact that apache must be restarted to load the updated CRL? If this is the case then are there plans to allow updating/reloading of the CRL without reloading apache (e.g. CRL expiration period)?

Thanks in advance.
Ron
CRL questions
Background:
I have a win32 installation of apache 1.3.12 w/ mod_ssl 2.6.1 running on a NT4 server. I am using W2K CA to handle client certs. This setup is special b/c apache runs as a part of the firewall service (Raptor 6.5) to enable secure access to a web based auth page.

Problem:
Users can connect to the site fine with their certs, however, problems exists setting up a CRL. I want to update the CRL every couple of days, yet it requires a restart of apache to re-read the CRL. My problem lies in that this also requires a restart of the firewall.

Question:
Can someone verify my findings into the fact that apache must be restarted to load the updated CRL? If this is the case then are there plans to allow updating/reloading of the CRL without reloading apache (e.g. CRL expiration period)?

Thanks in advance.
Ron