Certificate Revocation List Module

Generate and return a certificate revocation list as a response.

What does it do?

Based on configuration of the backend modules, the certificate chain is returned as a DER or PEM encoded certificate revocation list as per RFC5280.

Module Integration

The mod_crl module is a frontend module and will not do anything useful until mod_crl has been combined with one or more backend modules listed below. The mod_crl module uses the following hook to get the certificate revocation list, and suitable backend modules must be configured to implement each hook as needed.

All frontend modules run within a standard Apache httpd request, and standard httpd functionality applies in all cases.

Certificate Revocation List Hook

This hook returns the certificate revocation list for the configured certificate authority.

mod_ca_crl Read the certificate sign request from disk.

Examples

Basic Example

The simplest case: return the certificate revocation list to anybody who wants one.


  # return this crl
  CACRLCertificateRevocationList /etc/pki/tls/ca-crl.pem


# frontend configuration:

  
    SetHandler crl
  

]]>

Directive Reference

CrlFreshness Directive

Description The max-age of the certificate revocation list will be divided by this factor.
Syntax CrlFreshness factor [max-seconds]
Default CrlFreshness 2 86400
Context server config, virtual host, directory, .htaccess
Status Frontend
Module mod_crl
Compatibility Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later

The age of the certificate revocation list will be divided by this factor when added as a max-age, set to zero to disable. Defaults to "2". An optional maximum value can be specified, defaults to one day.

CrlLocation Directive

Description Set the URL location of the WADL returned by the OPTIONS method.
Syntax CrlLocation url
Default CrlLocation [current-URL]
Context server config, virtual host, directory, .htaccess
Status Frontend
Module mod_crl
Compatibility Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later

Set the URL location of the WADL returned by the OPTIONS method.

CrlEncoding Directive

Description Set to the default encoding to be returned if not specified.
Syntax CrlEncoding encoding
Default CrlEncoding der
Context server config, virtual host, directory, .htaccess
Status Frontend
Module mod_crl
Compatibility Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later

Set the default encoding to be returned if not specified. Must be one of "pem", "x-pem" or "der".