[Mod_nss-list] some questions regarding mod_nss and CRLs
Luis Neves
luisneves at hotmail.com
Fri Aug 20 14:36:36 UTC 2010
Hi there,
Can someone help me with these questions I have?
How can I update an NSS CRL list? Is just running the same command I've used to create the CRL list, but this time with a more recent CRL file, enough?
For example, I've created the CRL database using
crlutil -B -I -d /etc/httpd/alias/ -i ./LatestCRL.crl
If I now download a more updated version of Latest.crl, is it enough to use the same command to replace the existing list with the updated one?
Next question:
After the above operation, is it necessary to restart Apache (so it sees the most recent changes in the NSS database)?
And a final one:
As you can see, I've used the "B" option when importing the CRL; if not, I get some errors about the CA validation.
Now, to query the CRL DB list using the command
crlutil -L -d /etc/httpd/alias/
I get
CRL names CRL Type
crlutil: could not find signing certificate in database: security library: bad database.
CN=BT/DigitalSign Qualified CA,OU=Class 2 Managed PKI Individual Subscriber CA,OU=Terms of use at https://www.trustwise.com/rpa (c)08,OU=VeriSign Trust Network,OU=LRA - DigitalSign Certificadora Digital (PT507015851),O=British Telecommunications plc,C=GB CRL
Can I ignore this crlutil error? Is my database bad? Can this DB still be used?
Thanks for reading this
Luis Neves