Login or Register to Ask a Question and Join Our Community


UNIX and Linux Applications

Update CRL in stunnel?

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums UNIX and Linux Applications Update CRL in stunnel?
# 1  
Old 12-15-2011
Update CRL in stunnel?
Hi,
Does anyone know if there is a way to update CRLs in stunnel, without restarting stunnel? If I copy a new CRL to my CRLPath, it is only used for services (from config file) that hasn't been used yet. Services that has been used at least once does not care about new CRLs...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Stunnel as non root !!

HI I'm trying to install stunnel as(or in) non-root user. there are these options setuid and setgid in stunnel.conf ,that by default are "nobody". but u can change them to "user" .. to enable stunnel in non root mode I tried doing it but no luck. Please drop in your valuable suggestions ... (2 Replies)
Discussion started by: leghorn
2 Replies

2. UNIX for Advanced & Expert Users

Help with Getting Stunnel Running

OS: Sun Solaris 10 (5.10) Stunnel has been installed but when I try to run it, I get a directory permission error. Not sure what it means by 'Not owner' even though that's plain English. I have changed the chroot to a directory (var/tmp) that I'm sure all users have access to so not sure... (0 Replies)
Discussion started by: neapolitan
0 Replies

3. SCO

Starting up stunnel on SCO Openserver 5.0.7

Hi there I have compiled a binary of stunnel for SCO Openserver 5.0.7 At the moment the binary is in /u/testroom/sbin/stunnel as root I cd to /u/testroom/sbin and start the stunnel daemon up with ./stunnel The stunnel log shows when users successfully connect or disconnect, so... (1 Reply)
Discussion started by: The_Librarian
1 Replies

4. UNIX for Advanced & Expert Users

stunnel will not start

am tring to start stunnel version 4.05 that come standard with Suse Enterprise 9 CD. I intend to start stunnel as a daemon, I have generate and self signed the certificate using openssl with openssl version 0.9.7d but stunnel will not start up instead I received the following error message ... (1 Reply)
Discussion started by: hassan1
1 Replies
Login or Register to Ask a Question

LEARN ABOUT OSX

crlrefresh

CRLREFRESH(1)						      General Commands Manual						     CRLREFRESH(1)

NAME

       crlrefresh - update and maintain system-wide CRL cache

SYNOPSIS

       crlrefresh command [command-args] [options] crlrefresh r [options] crlrefresh f URL [options] crlrefresh F URI [options]

CRLREFRESH COMMAND SUMMARY

       r Refresh the entire CRL cache f Fetch a CRL from specified URL F Fetch a Certificate from specified URL

DESCRIPTION

       Crlrefresh  is a UNIX command-line program which is used to refresh and update the contents of the system-wide cache of Certificate Revoca-
       tion Lists (CRLs). CRLs, which are optionally used as part of the procedure for verifying X.509 certificates, are  typically  fetched  from
       the  network  using  a  URL  which appears in (some) certificates. Caching CRLs is an optimization to avoid costs of network latency and/or
       unavailability. Each CRL has a finite validity time which is specified in the CRL itself. This validity time may be as short as one day, or
       it may be much longer. Crlrefresh examines the contents of the CRL cache and updates - via network fetch - all CRLs which are currently, or
       will soon be, invalid.  Crlrefresh is also use to fetch specific CRLs and certificates from the network; CRLs fetched via  crlrefresh  will
       be  added to the CRL cache as well as provided to the specified output file (or to stdout if no output file is provided). The URL specified
       in the f and F commands must have schema "http:" or "ldap:".  Typically, crlrefresh would be run on a regular basis via one of the configu-
       ration files used by the cron(8) program.

CRLREFRESH OPTION SUMMARY

       s=stale_period
	      Specify the time in days which, having elapsed after a CRL is expired, that the CRL is deleted fromt he CRL cache. The default is 10
	      days.

       o=expire_overlap
	      Specify the time in seconds prior to a CRL's expiration when a refresh action will attempt to replace the CRL with a fresh copy.

       p      Purge all entries from the CRL cache, ensuring refresh  with  fresh  CRLs.  Normally,  CRLs  whose  expiration  date  is	more  than
	      expire_overlap past the current time are not refreshed.

       f      Perform  full  cryptographic  verification of all CRLs in the CRL cache. Normally this step is only performed when a CRL is actually
	      used to validate a certificate.

       k=keychain_name
	      The full path to the CRL cache (which is always a keychain). The default is /var/db/crls/crlcache.db.

       v      Provide verbose output during operation.

       F=output_file_name
	      When fetching a CRL or certificate, specifies the destination to which the fetched entity will be written. If this is not  specified
	      then the fetched entity is sent to stdout.

       n      When fetching a CRL, this inhibits the addition of the fetched CRL to the system CRL cache.

       v      Execute in verbose mode.

FILES

       /var/db/crls/crlcache.db System CRL cache database

SEE ALSO

       cron(8)

Apple Computer, Inc.						  April 13, 2004						     CRLREFRESH(1)