Welcome! Log In Create A New Profile

Advanced

Question about ssl CRL

Previous Message Next Message
Forum List Message List New Topic Print View
Alex Samad - Yieldbroker
October 23, 2012 02:26AM
Hi

New to nginx, trying to setup a SSL reverse proxy. I have the SSL server and client setup working, but when I add in crl pem it fails


I downloaded the CRL from verisign converted from DER to PEM format and saved.

When I uncomment
#ssl_crl /var/www/dev.xyz.com/certs/crl.pem;
My clients fail to connect, I get an 400 error !


Not sure what the issue is ?

Thanks
Alex

{code}

server {
listen 447 ssl;
server_name dev.xyz.com;



ssl on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.crt;
ssl_certificate_key /var/www/dev.xyz.com/certs/dev.xyz.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;


# 1.3.7
#ssl_client_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.AcceptableUserCertsCA;
#ssl_trusted_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.UserCertsCA;

ssl_client_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.UserCertsCA;
#ssl_crl /var/www/dev.xyz.com/certs/crl.pem;

ssl_verify_client on;
ssl_verify_depth 3;

access_log /var/log/nginx/dev.xyz.com.access.log main;
error_log /var/log/nginx/dev.xyz.com.error.log warn;

location / {
root /var/www/dev.xyz.com/wwwroot/;
index index.html index.htm;
autoindex on;
}


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Question about ssl CRL

Alex Samad - Yieldbroker October 23, 2012 02:26AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 247
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready