On tis, 2008-07-01 at 09:20 +0200, Bert Moorthaemer wrote: > Henrik, > > >> Second, the only way out to the internet is through another proxy (I > >> think a Microsoft ISA server). How can I tell Squid (or OpenSSL) to > >> use this proxy for outgoing CA and CRL verification requests. > > >Squid does not automatically fetch CRL lists. You have to set up this > >manually, and install the CRLs in a directory found by openssl. > > >Hmm.. we really should add a config option to specify the directory. > > I thought that the "crlfile" options handled that ... At least that's how I > configured my SSL reverse proxy That takes a file. OpenSSL also supports a directory with multiple CRLs, hashed by the issuing CN, and dynamic updates. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
