Apache 2.2.14: SSLCARevocation location
Posted by Doc on Server Fault
Published on 2009-10-14T13:17:22Z
I am installing a .crl in my Apache config. It looks like this:
<VirtualHost default>
    DocumentRoot "web"
    ServerName example.com
    SSLEngine on
    SSLCertificateFile "cert.crt"
    SSLCertificateKeyFile "key.key"
    SSLCertificateChainFile "cert.ca-bundle"
    SSLProtocol -all +SSLv3
    SSLCipherSuite SSLv3:+HIGH:+MEDIUM
    <Directory>
        Order deny,allow
        Allow from all
        SSLCACertificateFile "ClientRootCert.crt"
        SSLVerifyClient require
        SSLVerifyDepth 3
        SSLCARevocationFile "CRLList.crl"
    </Directory>
</VirtualHost>
When Apache is started, I get the error:
SSLCARevocationFile not allowed here
When I place SSLCARevocationFile above the Directory tag, Apache starts, but all client certs are rejected with the message:
ssl_error_expired_cert_alert (both revoked and active certs)
How to solve this?
© Server Fault or respective owner
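
Added diagnostic example, not part of the original post: SSLCARevocationFile is only valid in server config and virtual host context, and one possible cause of every client certificate being refused with an "expired" alert once the CRL loads is a CRL whose own nextUpdate date has passed. The script below classifies a CRL's validity window from the output of `openssl crl`. It assumes GNU date and the openssl CLI; the function names and the sample dates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check whether a CRL is inside its validity window.
# Function names are hypothetical; requires GNU date and the openssl CLI.

# Constructed sample of `openssl crl -noout -lastupdate -nextupdate` output.
SAMPLE_CRL_DATES='lastUpdate=Oct  1 00:00:00 2009 GMT
nextUpdate=Oct  8 00:00:00 2009 GMT'

# Convert one "field=date" line of openssl output to epoch seconds.
# $1 = field name (lastUpdate|nextUpdate), $2 = openssl output
crl_field_epoch() {
    local value
    value=$(printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1)
    [ -n "$value" ] || return 1
    # Fails (non-zero) for "NONE", which openssl prints when nextUpdate is absent.
    date -u -d "$value" +%s 2>/dev/null
}

# Classify the validity window relative to a reference time.
# $1 = openssl output, $2 = reference time in epoch seconds
# Prints one of: not-yet-valid | expired | current | unknown
crl_status() {
    local last next
    last=$(crl_field_epoch lastUpdate "$1") || { echo unknown; return; }
    next=$(crl_field_epoch nextUpdate "$1") || { echo unknown; return; }
    if   [ "$2" -lt "$last" ]; then echo not-yet-valid
    elif [ "$2" -gt "$next" ]; then echo expired
    else echo current
    fi
}

# Check a CRL file on disk against the current time.
# $1 = path to the CRL, $2 = encoding (PEM by default, or DER)
check_crl_file() {
    local out
    out=$(openssl crl -in "$1" -inform "${2:-PEM}" -noout \
          -lastupdate -nextupdate) || return 2
    crl_status "$out" "$(date -u +%s)"
}

# When run with a path argument, report on that file.
if [ "$#" -gt 0 ]; then
    check_crl_file "$@"
fi
```

Run it as `./check_crl.sh CRLList.crl` (add `DER` as a second argument for a binary CRL); a result of `expired` or `not-yet-valid` points at the CRL itself or the server clock rather than at the client certificates.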