8 Sep
2010
8 Sep
'10
2:02 a.m.
Gianluigi Nigro wrote:
Hi, Using version 2.4.23 with TLS. In slapd.conf the TLSCACertificatePath directive specifies the directory containing the certificate for the CA and the CRL. The content of this directory is hashed with c_rehash utilities. Everything works fine, but when a client certificate is revoked (ad a new CRL is created) i must restart the server to make it upgraded with the new CRL. Is there a way to do this, without having to reboot (a hot refresh of the CRL)? Thanks. gnigro
There's no explicit mechanism to refresh the CRL. However, if you use cn=config and modify the TLS settings, it will reinitialize the entire TLS context, including reloading the CRL.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/