On Fri, 18 Nov 2011, Alex Samad - Yieldbroker
<[email protected]> wrote:
> I have an SSL site and I am wondering how apache / mod_ssl handle
> CRLs. It seems like I have to grab the CRL and place it into a file
> for apache / mod_ssl to read from there.
> My issue CRL is for 1 day
> Last Update: Nov 17 13:21:32 2011 GMT
> Next Update: Nov 18 13:21:32 2011 GMT
> So there is a point of time when it is not going to be valid...
> How do other people handle this, and does a SIGHUP reload the CRL or
> do I need to restart apache?

I simply wrote a script that periodically downloads the new CRL, puts
it in place and restarts Apache. In my case the CRL updates are issued
at 'random' times so my script reads the next update time from the CRL
and schedules itself to run a few minutes before that. If your CRL is
updated at fixed times you could just schedule it with cron.
I'm not doing a graceful restart but rather a full restart when the
CRL is updated. That may be because I investigated the issue at the
time I set this up and found the graceful restart to be insufficient,
or because I just wasn't sure if graceful restart will work. I *think*
it's the former.
HTH
--
Toomas Aas
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
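
An added example, not part of the original message and not the poster's script: the decision and scheduling logic of the refresh job described in the reply, in Python. The 5-minute margin, the 1-minute retry, and the names `plan` and `install` are assumptions; the CRL file is assumed to be PEM, and the restart uses `apachectl restart` (a full restart, as in the reply).

```python
import datetime as dt
import os
import subprocess

MARGIN = dt.timedelta(minutes=5)   # assumed value for "a few minutes before"
RETRY = dt.timedelta(minutes=1)    # assumed retry delay when no newer CRL exists yet
FMT = "%b %d %H:%M:%S %Y GMT"      # date format printed by openssl


def parse_next_update(openssl_output):
    """Parse the 'nextUpdate=Nov 18 13:21:32 2011 GMT' line from openssl."""
    for line in openssl_output.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "nextUpdate":
            # openssl pads single-digit days with an extra space; normalise it
            stamp = dt.datetime.strptime(" ".join(value.split()), FMT)
            return stamp.replace(tzinfo=dt.timezone.utc)
    raise ValueError("no nextUpdate field in openssl output")


def next_update(crl_path):
    """Ask openssl for the Next Update time of a PEM CRL file."""
    out = subprocess.run(
        ["openssl", "crl", "-in", crl_path, "-noout", "-nextupdate"],
        check=True, capture_output=True, text=True).stdout
    return parse_next_update(out)


def plan(current_next, candidate_next, now):
    """Return (install, next_run) for a freshly downloaded candidate CRL."""
    if candidate_next <= now:
        return False, now + RETRY          # candidate is already expired
    if current_next is not None and candidate_next <= current_next:
        return False, now + RETRY          # CA has not published a newer CRL yet
    # Install, then run again shortly before the new CRL expires.
    return True, max(candidate_next - MARGIN, now + RETRY)


def install(candidate_path, live_path, restart_cmd=("apachectl", "restart")):
    """Swap the CRL file atomically (same filesystem), then restart Apache."""
    os.replace(candidate_path, live_path)
    subprocess.run(restart_cmd, check=True)


if __name__ == "__main__":
    # Constructed run using the Next Update value quoted in the question.
    cur = parse_next_update("nextUpdate=Nov 18 13:21:32 2011 GMT")
    new = cur + dt.timedelta(days=1)       # constructed: the following day's CRL
    print(plan(cur, new, cur - MARGIN))
```

Rejecting a candidate that is expired or no newer than the installed file keeps a failed or cached download from replacing a still-valid CRL just before the restart.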