Based on configuration of the backend modules, the certificate chain is returned as a DER or PEM encoded certificate revocation list as per RFC5280.
Generate and return a certificate revocation list as a response.
Based on configuration of the backend modules, the certificate chain is returned as a DER or PEM encoded certificate revocation list as per RFC5280.
The
mod_crl
module is a
frontend module
and will not do anything useful until
mod_crl
has been combined with one or
more
backend modules
listed below. The
mod_crl
module uses the following hook to get the certificate revocation list, and suitable
backend modules
must be configured to implement each hook as needed.
All frontend modules run within a standard Apache httpd request, and standard httpd functionality applies in all cases.
This hook returns the certificate revocation list for the configured certificate authority.
mod_ca_crl | Read the certificate sign request from disk. |
The simplest case: return the certificate revocation list to anybody who wants one.
# return this crl
CACRLCertificateRevocationList /etc/pki/tls/ca-crl.pem
# frontend configuration:
SetHandler crl
]]>
Description | The max-age of the certificate revocation list will be divided by this factor. |
Syntax |
CrlFreshness factor [max-seconds]
|
Default |
CrlFreshness 2 86400
|
Context | server config, virtual host, directory, .htaccess |
Status | Frontend |
Module | mod_crl |
Compatibility | Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later |
The age of the certificate revocation list will be divided by this factor when added as a max-age, set to zero to disable. Defaults to "2". An optional maximum value can be specified, defaults to one day.
Description | Set the URL location of the WADL returned by the OPTIONS method. |
Syntax |
CrlLocation url
|
Default |
CrlLocation [current-URL]
|
Context | server config, virtual host, directory, .htaccess |
Status | Frontend |
Module | mod_crl |
Compatibility | Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later |
Set the URL location of the WADL returned by the OPTIONS method.
Description | Set to the default encoding to be returned if not specified. |
Syntax |
CrlEncoding encoding
|
Default |
CrlEncoding der
|
Context | server config, virtual host, directory, .htaccess |
Status | Frontend |
Module | mod_crl |
Compatibility | Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later |
Set the default encoding to be returned if not specified. Must be one of "pem", "x-pem" or "der".