Hi,

 

We have an application that uses a client certificate to authenticate to an OpenLDAP 2.4.46 server at the SSL/TLS level. Among other things, the olcTLSCRLCheck directive is set to “peer” to verify that the client certificate has not been revoked; the CRL is updated every day via a script and expires after 15 days. Everything works well until the 15 days are exceeded, and then the authentication of the application fails since the server has not been restarted to refresh the CRL.

 

Is there a way to refresh the CRL without restarting the server?

 

Thanks in advance

 

Regards

