Forum: NGINX using ssl_crl with CRLs (plural)

26ac0d9170451790b2dc7ba202abf61e?d=identicon&s=25 Florian Le Goff (Guest)
on 2014-04-22 18:14
(Received via mailing list)
Hi there,

I am trying to setup a x509 client cert check with Nginx. Everything
is running smoothly until I add the ssl_crl directive.

Unfortunately, my CA happens to release its CRLs under several
files... for historic reasons from what I heard.

With Apache/mod_ssl; the SSLCARevocationFile directive sets a
concatenated PEM-encoded CA CRLs, even if concatenated files are not
fully compliant with the CRL logic.

Is it something that might be setup with nginx ? The ability to setup
a list of the individual files somewhere in the nginx configuration
would be optimal.

Thanks,

Ref:
http://serverfault.com/questions/565445/how-to-che...

--
Florian Le Goff
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-04-22 19:03
(Received via mailing list)
Hello!

On Tue, Apr 22, 2014 at 06:13:54PM +0200, Florian Le Goff wrote:

> fully compliant with the CRL logic.
>
> Is it something that might be setup with nginx ? The ability to setup
> a list of the individual files somewhere in the nginx configuration
> would be optimal.

Multiple PEM-encoded CRLs concatenated into a single file should
work fine.  Note that both Apache/mod_ssl and nginx rely on
OpenSSL to load CRL files, and handling is more or less identical.

--
Maxim Dounin
http://nginx.org/
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.