httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From domi <Ketteltas...@web.de>
Subject Re: [users@httpd] Problem with revoked certificates.
Date Sun, 04 Feb 2007 18:27:41 GMT

Joost wrote:

Joost de Heer wrote:
> 
> domi wrote:
> 
> [Question about CRLs]
> 
>> <VirtualHost _default_:443>
>> ServerName 192.168.0.2:443
>> Errorlog /opt/exampleca/ssl_error_log
>> Transferlog /opt/exampleca/ssl_access_log
>>
>> SSLEngine on
>>
>> SSLCipherSuite HIGH:MEDIUM
>>
>> SSLProtocol all
>>
>> SSLCertificateFile /some/path/01.pem
>> SSLCertificateKeyFile /some/path/testkey.pem
>> SSLCertificateChainFile /some/path/cacert.pem
>>
>> </VirtualHost>
> 
> You are missing a SSLCARevocationFile directive. Apache should check the
> CRL, not the browser.
> 
> Joost
> 
> 

Hello Joost,
thank you for your answer. I have a question concerning it. The definition
on http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcarevocationfile
says the following:
<This directive sets the all-in-one file where you can assemble the
Certificate Revocation Lists (CRL) of Certification <Authorities (CA) whose
clients you deal with. These are used for Client Authentication. ...
As I understand this definition it is just for client authentication which I
don't want to deal with. (Not yet.)
Or do I misunderstand the definition?

best regards domi
-- 
View this message in context: http://www.nabble.com/Problem-with-revoked-certificates.-tf3169656.html#a8795601
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message