
Re: CRL refresh



Gianluigi Nigro wrote:
Hi,
Using version 2.4.23 with TLS. In slapd.conf the TLSCACertificatePath
directive specifies the directory containing the certificate for the CA
and the CRL.
The content of this directory is hashed with c_rehash utilities.
Everything works fine, but when a client certificate is revoked (and a
new CRL is created) I must restart the server to make it upgraded with
the new CRL.
Is there a way to do this, without having to reboot (a hot refresh of
the CRL)?
Thanks.
gnigro

There's no explicit mechanism to refresh the CRL. However, if you use cn=config and modify the TLS settings, it will reinitialize the entire TLS context, including reloading the CRL.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
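
The reply above relies on a cn=config change to reinitialize the TLS context. The following sketch automates that when a c_rehash CRL link points to a newer file; it is an added example, not code from the thread or from the OpenLDAP project. Assumed here: the directory and stamp paths, ldapi:/// access to cn=config with SASL EXTERNAL, and that replacing olcTLSCACertificatePath with its current value counts as modifying the TLS settings.

```shell
#!/bin/sh
# Added example: re-apply the CA path through cn=config when a CRL changes.
# All paths and the ldapi:///EXTERNAL access method are assumptions.

CA_DIR="${CA_DIR:-/etc/openldap/cacerts}"    # assumed TLSCACertificatePath value
STAMP="${STAMP:-/var/run/slapd-crl.stamp}"   # assumed marker of the last reload

# Succeeds when any c_rehash CRL link (<hash>.rN) is newer than the stamp,
# or when no stamp exists yet. -L compares the link target's mtime.
crl_changed() {
    dir=$1; stamp=$2
    [ -e "$stamp" ] || return 0
    [ -n "$(find -L "$dir" -maxdepth 1 -name '*.r[0-9]*' -newer "$stamp" 2>/dev/null)" ]
}

# Emit the LDIF that replaces olcTLSCACertificatePath with the given value.
tls_reload_ldif() {
    printf 'dn: cn=config\nchangetype: modify\n'
    printf 'replace: olcTLSCACertificatePath\n'
    printf 'olcTLSCACertificatePath: %s\n' "$1"
}

# Apply the change only when a CRL is newer than the last reload.
# The new stamp is taken before the modify so a CRL written during the
# reload is picked up on the next run instead of being missed.
refresh_crl() {
    crl_changed "$CA_DIR" "$STAMP" || return 0
    touch "$STAMP.new" &&
    tls_reload_ldif "$CA_DIR" | ldapmodify -Q -Y EXTERNAL -H ldapi:/// &&
    mv "$STAMP.new" "$STAMP"
}

# Run from cron as: script run
if [ "${1:-}" = "run" ]; then
    refresh_crl
fi
```

After a reload, a connection attempt with the revoked client certificate should be refused; that check confirms the new CRL is in effect.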