Apache HTTP Server
WiMans, 2014-07-14 20:18:53

Is it possible to revoke a client certificate without restarting the web server?

I implemented authorization in the admin panel through client certificates: when a new administrator / moderator is added from the admin panel, a client certificate is immediately generated and issued there for this particular admin (the certificate is tied to the administrator / moderator nickname).
But there is a problem in the implementation of certificate revocation, since you have to restart Apache after each revocation (Nginx has the same problem).
The SSLCARevocationFile directive only initializes the list of revoked certificates, and it is reset only after a reboot (or after a reload).
At the moment there is a crutch in crontab that reloads the web server once an hour, but this is not ideal, especially if a certificate has to be revoked urgently (for example, if it was compromised).
Is there any option where the web server (Apache or Nginx) will work with the list of revoked certificates on the fly, without reboots and reloads?


2 answer(s)
Puma Thailand, 2014-07-14
@opium

What prevents nginx from reloading at the time of adding or removing a certificate?
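
The reload-on-change approach this answer suggests, as an added example (not code from either poster): a hook the admin panel could call right after a revocation, which validates the new CRL, swaps it into place and reloads at once instead of waiting for the hourly cron job. The function name, the paths and the overridable command variables are assumptions.

```shell
#!/bin/sh
# Added example: publish a freshly generated CRL and reload the server at once.
# Variable names and paths are assumptions; override them for your setup.
CRL_CHECK=${CRL_CHECK:-"openssl crl -noout -in"}  # fails if the CRL does not parse
CONF_TEST=${CONF_TEST:-"apachectl configtest"}    # nginx: "nginx -t"
RELOAD_CMD=${RELOAD_CMD:-"apachectl graceful"}    # nginx: "nginx -s reload"

# publish_crl NEW_CRL LIVE_CRL
#   NEW_CRL  - CRL just written by the CA tooling after a revocation
#   LIVE_CRL - file that SSLCARevocationFile (nginx: ssl_crl) points to
# Prints reloaded | unchanged | invalid | failed; returns non-zero on the last two.
publish_crl() {
    new=$1 live=$2

    # Refuse empty or unparsable CRLs before they reach the live path.
    if [ ! -s "$new" ] || ! $CRL_CHECK "$new" >/dev/null 2>&1; then
        echo invalid; return 1
    fi

    # Nothing revoked since the last publish: skip the reload.
    if [ -f "$live" ] && cmp -s "$new" "$live"; then
        echo unchanged; return 0
    fi

    # Copy next to the live file, then rename, so the server never reads
    # a half-written CRL.
    tmp="$live.tmp.$$"
    cp "$new" "$tmp" && mv -f "$tmp" "$live" || { rm -f "$tmp"; echo failed; return 1; }

    # A graceful reload does not abort requests in progress; new connections
    # are checked against the updated CRL.
    if $CONF_TEST >/dev/null 2>&1 && $RELOAD_CMD >/dev/null 2>&1; then
        echo reloaded; return 0
    fi
    echo failed; return 1
}

# Run directly: publish_crl.sh /path/to/new.crl /path/to/live.crl
if [ "$#" -eq 2 ]; then publish_crl "$1" "$2"; fi
```

The account that runs the hook needs permission to reload the web server, so a narrowly scoped sudo rule or a privileged helper is safer than running the whole admin panel with that right.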

WiMans, 2014-07-17
@WiMans

Apparently there is no ready and normal solution.