When doing client authentication using digital certificates against an Apache server configured with the mod_revocator and mod_nss plugins, a httpd restart is required in order to successfully import an updated Certificate Revocation List (CRL).
In some cases, Online Certificate Status Protocol (OCSP) is not used, and downloading updated CRLs with client authentication can be seen as a complement or replacement (this could be referred as "Dynamic CRL Loading").
- Red Hat Enterprise Linux 5 x86_64
Red Hat Directory Server 8.1 (example with redhat-ds-base-8.1.1-1.el5dsrv)
Red Hat Certificate System 8.0 (example with pki-ca-8.0.6-1.el5pki)
- Apache web server (example with httpd-2.2.3-31.el5)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.