You are of course referring to the Certificate Revocation Lists. I believe that the SSLCARevocationFile is loaded only when Apache is started. If you want a dynamic behaviour, you should use SSLCARevocationPath. This would also probably be more efficient since you get a direct access to the correct file through the symbolic link hashes. -ascs -----Original Message----- From: Lauzanne Olivier [mailto:Olivier.Lauzanne@xxxxxxxxxxxxxx] Sent: Thursday, August 04, 2005 4:58 PM To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] Using a CRL from LDAP in MODSSL Hi, I'm working on a project that uses modssl in apache 2.0. The problem is that we need to get the rectification list updated frequently and that we need to provide a 24/24 service. I noticed in a mail from 2000 (from mod-ssl mailing-list archive) that a graceful restart is requiered in order to update the CRL. Is it still the case ? Could an url be used instead of a directory ??? (i read the documentation ... it does not seem possible but it would be so much easier) thanks ! --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx