Joost wrote: Joost de Heer wrote: > > domi wrote: > > [Question about CRLs] > >> <VirtualHost _default_:443> >> ServerName 192.168.0.2:443 >> Errorlog /opt/exampleca/ssl_error_log >> Transferlog /opt/exampleca/ssl_access_log >> >> SSLEngine on >> >> SSLCipherSuite HIGH:MEDIUM >> >> SSLProtocol all >> >> SSLCertificateFile /some/path/01.pem >> SSLCertificateKeyFile /some/path/testkey.pem >> SSLCertificateChainFile /some/path/cacert.pem >> >> </VirtualHost> > > You are missing a SSLCARevocationFile directive. Apache should check the > CRL, not the browser. > > Joost > > Hello Joost, thank you for your answer. I have a question concerning it. The definition on http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcarevocationfile says the following: <This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification <Authorities (CA) whose clients you deal with. These are used for Client Authentication. ... As I understand this definition it is just for client authentication which I don't want to deal with. (Not yet.) Or do I misunderstand the definition? best regards domi -- View this message in context: http://www.nabble.com/Problem-with-revoked-certificates.-tf3169656.html#a8795601 Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|