Visit Our UNIX and Linux User Community


Apache: SSLACARevocation directive issue


 
Thread Tools Search this Thread
Top Forums Web Development Apache: SSLACARevocation directive issue
# 1  
Old 10-19-2009
Apache: SSLACARevocation directive issue

I am installing a .crl in my apache config. It looks like this:

Code:
<VirtualHost default>

DocumentRoot "web" ServerName example.com

SSLEngine on

SSLCertificateFile "cert.crt" SSLCertificateKeyFile "key.key" SSLCertificateChainFile "cert.ca-bundle"

SSLProtocol -all +SSLv3 SSLCipherSuite SSLv3:+HIGH:+MEDIUM

<Directory />

Order deny,allow Allow from all

SSLCACertificateFile "ClientRootCert.crt"

SSLVerifyClient require SSLVerifyDepth 3

SSLCARevocationFile "CRLList.crl"

</Directory>

</VirtualHost>

When Apache is started, I get the error:

SSLCARevocationFile not allowed here

When I place SSLCARevocationFile above the Directory tag, Apache starts, but all client certs are rejected with the message:

ssl_error_expired_cert_alert (both revoked and active certs)

How to solve this?

Previous Thread | Next Thread
Test Your Knowledge in Computers #402
Difficulty: Medium
The term 3D printing originally referred to a powder bed process employing standard and custom inkjet print heads.
True or False?

10 More Discussions You Might Find Interesting

1. Ubuntu

Apache - Files directive does not work

HI guys. when i configure Files in this way: <Files ~ "\.png$"> deny from all </Files> it works. but when defining in this way it doesn't work: <Files /var/www/test/file.png> deny from all </Files> directives are not inside Directory directive. Could someone help? (0 Replies)
Discussion started by: majid.merkava
0 Replies

2. Red Hat

Apache 2.2.17 compile issue.

Hi, I am using RedHat Linux 5.3 64bit OS.. When i try to compile apache 2.2.17. during the make install i am getting the below error. Appreciate your help. rsync: link_stat "/Application/softwares/softwares/httpd-2.2.15/docs/manual/." failed: Permission denied (13) rsync: cannot stat... (4 Replies)
Discussion started by: Krrishv
4 Replies

3. AIX

Apache Installation issue

HI Guys, I got the below error while trying to install the apache2.2.15. from the error I can interpret that some of the .h files are missing. I guess those are C library header files.. Can you help me with it. bash-3.00# make Making all in srclib Making all in apr /bin/sh... (3 Replies)
Discussion started by: kkeng808
3 Replies

4. Web Development

regex in apache Allow from directive

Hi, Does the apache Allow from directive support regular expressions? such as: Allow from ^web11blah\.blah\.blah\.yahoo\.com$ what i want to do: allow access from hosts in the range web1160blah.blah.blah.yahoo.com to web1189blah.blah.blah.yahoo.com notice the 1160 to 1189 range as part... (3 Replies)
Discussion started by: Yogesh Sawant
3 Replies

5. Web Development

Apache 2.0 Issue

I did not see a DocumentRoot entry in apache2.conf so I manually put one. DocumentRoot /mohit I restarted apache services but the the pages do not serve from that location. Can someone tell me what I need to do? (4 Replies)
Discussion started by: mojoman
4 Replies

6. UNIX for Advanced & Expert Users

Apache issue

I am trying to get a number of virtual server running on a linux/apache box. I have the virtual server configure properly. However doesn't matter what happens it allways ends up in the / directory (root for apache) and brings up the default page. If I look at the log files all i ever see is GET /,... (1 Reply)
Discussion started by: frankkahle
1 Replies

7. Solaris

Apache start issue

Hi group, I need help to start apache in following scenario: 1) Say apache is installed on solaris OS by user 'root'. 2) An entry is there in httpd.conf that says to start apache process as user: #User <RUN_AS_USER> is edited as User user1 2) Now say user2 has logged and tries to start... (6 Replies)
Discussion started by: rs266
6 Replies

8. Solaris

Apache config issue

I want to build a little website on a Sun Blade 100 running Solaris 10. I just went out to apache.org and downloaded Unix Source: httpd-2.2.8.tar.gz After unpacking the tarball, I CD'd into the subdirectory and ran the configure utility. Of course, it crapped out. I see that it is... (17 Replies)
Discussion started by: BrewDudeBob
17 Replies

9. Solaris

Apache Configuration issue on Solaris

I seem to have an issue with Apache configurationon our Sun solaris Server. Since there are 2 my_app instances running in parallel, the perl modules in my_app_perl_libs are getting shared between them, even though they are in different directories (/u01/my_app and /u01/my_app8). This is because... (1 Reply)
Discussion started by: rahulrathod
1 Replies

10. UNIX for Dummies Questions & Answers

apache directive only for outside network

I set up a directive for the .htaccess file in one of my web directories. It works fine. Is there a way to force only users outside my internal home network to go through the password authorization? Or, put another way, any user in my network should not have to enter a password. Is that possible? (2 Replies)
Discussion started by: dangral
2 Replies
Apache::Qpsmtpd(3pm)					User Contributed Perl Documentation				      Apache::Qpsmtpd(3pm)

NAME
Apache::Qpsmtpd - a mod_perl-2 connection handler for qpsmtpd SYNOPSIS
Listen 0.0.0.0:25 smtp AcceptFilter smtp none ## "smtp" and the AcceptFilter are required for Linux, FreeBSD ## with apache >= 2.1.5, for others it doesn't hurt. See also ## http://httpd.apache.org/docs/2.2/mod/core.html#acceptfilter ## and http://httpd.apache.org/docs/2.2/mod/mpm_common.html#listen LoadModule perl_module modules/mod_perl.so <Perl> use lib qw( /path/to/qpsmtpd/lib ); use Apache::Qpsmtpd; $ENV{QPSMTPD_CONFIG} = "/path/to/qpsmtpd/config"; </Perl> <VirtualHost _default_:25> PerlModule Apache::Qpsmtpd PerlProcessConnectionHandler Apache::Qpsmtpd # can specify this in config/plugin_dirs if you wish: PerlSetVar qpsmtpd.plugin_dirs /path/to/qpsmtpd/plugins PerlSetVar qpsmtpd.loglevel 4 </VirtualHost> DESCRIPTION
This module implements a mod_perl/apache 2.0 connection handler that turns Apache into an SMTP server using Qpsmtpd. It also allows you to set single-valued config options (such as loglevel, as seen above) using "PerlSetVar" in httpd.conf. This module should be considered beta software as it is not yet widely tested. However it is currently the fastest way to run Qpsmtpd, so if performance is important to you then consider this module. BUGS
Probably a few. Make sure you test your plugins carefully. The Apache scoreboard (/server-status/) mostly works and shows connections, but could do with some enhancements specific to SMTP. AUTHOR
Matt Sergeant, <matt@sergeant.org> Some credit goes to <mock@obscurity.org> for Apache::SMTP which gave me the inspiration to do this. perl v5.14.2 2009-04-02 Apache::Qpsmtpd(3pm)

Featured Tech Videos