>I'm interested in a site-wide shared certs/crls database;
>host-wide by_dir lookup is good enough for a single service
>(like Apache-SSL) or services on a single host only. Ldap seems not a
Since I only generate CRLs when needed or once per month, I
simply have all the servers trust the cert on my CA host
and SSLrdist the CRLs. I also generate an ssl.global file from
the CA database and SSLrdist that to all hosts (my ssld_auth()
routine looks for ssl.local, ssl.root, ssl.users, ssl.global... I think
that's the order).
--sjg
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+