[Fedora-directory-commits] mod_revocator/docs mod_revocator.html, 1.1, 1.2
Robert Crittenden (rcritten)
fedora-directory-commits at redhat.com
Mon Oct 16 18:17:16 UTC 2006
Author: rcritten
Update of /cvs/dirsec/mod_revocator/docs
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19588/docs
Modified Files:
mod_revocator.html
Log Message:
Add bit about OpenLDAP support
Include some troubleshooting documentation and a little bit more on
configuration
Index: mod_revocator.html
===================================================================
RCS file: /cvs/dirsec/mod_revocator/docs/mod_revocator.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_revocator.html 5 Sep 2006 19:58:26 -0000 1.1
+++ mod_revocator.html 16 Oct 2006 18:17:14 -0000 1.2
@@ -54,7 +54,8 @@
3.9.3 or higher<br>
</li>
<li>Mozilla <a href="http://www.mozilla.org/directory/csdk.html">LDAP
-SDK</a> 5.15 or higher</li>
+SDK</a> 5.15 or higher or OpenLDAP 2.2.29 or higher<br>
+ </li>
<li>Apache development package(s)</li>
<li><a href="http://directory.fedora.redhat.com/wiki/Mod_nss">mod_nss</a><br>
</li>
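Review bot: The added requirement text "SDK</a> 5.15 or higher or OpenLDAP 2.2.29 or higher" chains two "or higher" phrases inside the list item that opens with the Mozilla link, so OpenLDAP is easy to misread as part of the Mozilla SDK entry. Give OpenLDAP its own list item, or reword to "either the Mozilla LDAP SDK 5.15 or higher, or OpenLDAP 2.2.29 or higher". It would also help to mention here that the OpenLDAP build is selected with --enable-openldap, since nothing in the requirements list tells the reader a configure switch is involved.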
@@ -114,6 +115,13 @@
<td>--with-ldapsdk-lib=PATH</td>
<td>Mozilla LDAP SDK library directory</td>
</tr>
+ <tr>
+ <td style="vertical-align: top;">--enable-openldap<br>
+ </td>
+ <td style="vertical-align: top;">Use OpenLDAP instead of
+the Mozilla LDAP SDK<br>
+ </td>
+ </tr>
</tbody>
</table>
<br>
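Review bot: The new --enable-openldap row does not say how it interacts with the --with-ldapsdk-lib=PATH row directly above it, so a reader cannot tell whether the Mozilla SDK path options are ignored, still required, or reused to locate OpenLDAP. Add a sentence to the description cell that covers this. As a style point, the new cells carry inline style="vertical-align: top;" and trailing <br> tags while the existing row uses plain <td> cells; dropping them keeps the table consistent.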
@@ -250,8 +258,41 @@
<code>CRLFile http://somehost.example.com/MasterCRL.crl;60;60 </code><br>
<code>CRLAgeCheck off </code><br>
<code>CRLUpdateCritical off
+<br>
+</code></div>
+<h1>Operation<br>
+</h1>
+In order for the CRL to be loaded you need to trust the issuer. This is
+often issued by a separate certificate on the CA, so you may need to
+trust multiple certificates. If the CRL is signed by an unknown issuer
+or is not trusted you will get the error message:<br>
+<br>
+<code>Error updating CRL http://ca.example.com/MasterCRL.crl no subject
+: Unknown issuer for this CRL<br>
</code><br>
-</div>
+In order to load this CRL you will need to import and trust the CA
+and/or OCSP signing certificate. Save the certificate(s) into text
+files and use the NSS certutil command to import it. Note that your
+nickname (-n) and database path (-d) may differ:<br>
+<br>
+<code>% certutil -A -n "CA" -d /etc/httpd/alias -t CT,, -a -i
+/path/to/ca.crt<br>
+</code><br>
+<code>% certutil -A -n "OCSP cert" -d /etc/httpd/alias -t CT,, -a -i
+/path/to/ocsp.crt</code><br>
+<br>
+The default Apache LogLevel is warn. This will log basic information
+about the module and will report the first successful retrieval
+of each CRL. Subsequent retrievals are only logged in the LogLevel is
+set to debug.<br>
+<br>
+An example log is:<br>
+<br>
+<code>Successfully downloaded CRL at URL
+http://ca.example.com/MasterCRL.crl, subject = CN=Certificate
+Manager,OU=Engineering,O=Example,C=US, lastupdate = Thu Oct 12 15:39:19
+2006, nextupdate = Thu Oct 12 19:39:19 2006<br>
+Revocation subsystem initialized</code><br>
<h1><a name="Developer_Information"></a>Developer Information </h1>
This module uses some internals from NSS. This is normally a big no-no
but there was no other way to get around it. As such a private copy of
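Review bot: Both certutil examples in the new Operation section pass -t CT,, without explaining it, and the second one applies it to the "OCSP cert". In NSS trust strings C and T in the first field mark a certificate as a trusted CA for issuing SSL server and client certificates, which is a broad grant for a certificate that is only needed to verify the CRL signature. The text already notes that -n and -d may differ; it should also say what the trust argument grants and whether the signing certificate really needs the same CA trust as the CA certificate. Wording fixes in the same hunk: "This is often issued by a separate certificate" has no clear antecedent (presumably the CRL is signed by a separate certificate), "import it" should be "import them" after "certificate(s)", and "only logged in the LogLevel is set to debug" should read "only logged if the LogLevel is set to debug". The new <h1>Operation</h1> also lacks a named anchor, unlike <a name="Developer_Information"> on the heading that follows it.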