Apache 2.2.14: SSLCARevocation location

Posted by Doc on Server Fault See other posts from Server Fault or by Doc
Published on 2009-10-14T13:17:22Z Indexed on 2011/01/06 16:55 UTC
Read the original article Hit count: 389

Filed under:
|
|

I am installing a .crl in my apache config. It looks like this:

VirtualHost default

DocumentRoot "web" ServerName example.com

SSLEngine on

SSLCertificateFile "cert.crt" SSLCertificateKeyFile "key.key" SSLCertificateChainFile "cert.ca-bundle"

SSLProtocol -all +SSLv3 SSLCipherSuite SSLv3:+HIGH:+MEDIUM

Directory

Order deny,allow Allow from all

SSLCACertificateFile "ClientRootCert.crt"

SSLVerifyClient require SSLVerifyDepth 3

SSLCARevocationFile "CRLList.crl"

Directory

VirtualHost

When Apache is started, I get the error:

SSLCARevocationFile not allowed here

When I place SSLCARevocationFile above the Directory tag, Apache starts, but all client certs are rejected with the message:

ssl_error_expired_cert_alert (both revoked and active certs)

How to solve this?

© Server Fault or respective owner

Related posts about apache

Related posts about httpd.conf