Our freeradius server is having a problem with CRL's expiring, however we have a new CRL copying over every 5 minutes.
We have a 4 hour expire on our CRL's and I'm wondering if I need to killall -HUP radiusd in order for the new CRL to be picked up. I was looking through the code and it seems like the only thing that the freeradius code does with CRL's is to tell the X509 store to look for the CRL, but that seems about it. When I copy my CRL over I do the following... wget -q http://somesite.com/crl/crlfile.dem -O /tmp/crlfile.dem.new mv /tmp/crlfile.dem.new /home/freeradius/etc/certs/crlfile.dem openssl crl -inform dem -outform pem -in /home/freeradius/etc/certs/crlfile.dem -out /home/freeradius/etc/certs/crlfile.pem c_rehash /home/freeradius/etc/certs/ So, do I need to do something or these CRL's to be updated while radiusd is running? Any other helpful hints would be greatly appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html