Luiz Gustavo Anflor Pereira wrote:
> Hello all, I want to implement a secure site through digital authentication, and I found that I need to keep the Certificate Revocation Lists. It is OK, I can download them from the net, but my question is: is there a way to consult the lists online when the user tries to authenticate himself? Is it possible to configure Apache to consult the lists on the CAs' sites?

I think what you are looking for is OCSP support, where OCSP (Online Certificate Status Protocol) allows you to query a third party (usually a CA) to ask if a particular cert has been revoked.

Unfortunately, I'm not sure if there's:
a) any good support in Apache for this yet (a bit of Googling suggests not) or
b) any widespread support for this from CAs.

Unless anyone knows any better, you're probably stuck with the CRLs for the time being.

--
Regards
Stephen Collyer
Netspinner Ltd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
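
For the CRL route discussed in this thread, a client-certificate virtual host that checks locally stored CRLs might look like the following. This is an added example, not configuration from either poster or from the Apache project; the host name and all file paths are placeholders, and the directives are standard mod_ssl ones.

```apache
# Added example; host name and paths are constructed placeholders.
<VirtualHost *:443>
    ServerName secure.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/server.crt
    SSLCertificateKeyFile /etc/httpd/tls/server.key

    # Require a client certificate that chains to the CA(s) in this file.
    SSLVerifyClient require
    SSLVerifyDepth  2
    SSLCACertificateFile /etc/httpd/tls/client-ca.pem

    # Without a revocation source, a revoked client certificate is still
    # accepted until it expires. Point mod_ssl at the downloaded CRLs:
    # either one PEM file with all CRLs concatenated ...
    SSLCARevocationFile /etc/httpd/tls/crl/client-ca.crl.pem
    # ... or a directory of PEM CRLs reached through hash.rN symlinks:
    #SSLCARevocationPath /etc/httpd/tls/crl/

    # httpd 2.3.15 and later only: CRL checking stays off unless it is
    # enabled here. "chain" checks every certificate in the chain and
    # rejects the client if a CRL for any of them is missing.
    # Omit this directive on 2.0/2.2, where configured CRLs are
    # consulted automatically.
    SSLCARevocationCheck chain
</VirtualHost>
```

mod_ssl reads the CRL files when the server starts, so a scheduled job should download each CRL before its nextUpdate time and then reload the server gracefully.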