Re: Certificates Revocation Lists and Apache...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



John Doe wrote:

>   [warn] Invalid signature on CRL
>   [error] Certificate Verification: Error (8): CRL signature failure

Any relation to this?
https://issues.apache.org/bugzilla/show_bug.cgi?id=45708

I've worked with a lot of ssl stuff in apache but have never
touched CRL before.

Interestingly enough I found last year that some of verisign's
CRLs weren't built to scale, one of our customers put some content
on their site that pointed back to us, which then triggered a call
to the CRL for those people using IE and Symantec anti virus(which
turned on the CRL option in IE), the site was a very high traffic
site and the customers routinely got errors from the CRL site
because it was overloaded with requests.

So few use CRL, I really don't see the benefit, but I suppose in
really controlled environments it could be useful(just not to me).

nate


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux