Question about ssl CRL

Alex Samad - Yieldbroker Alex.Samad at
Tue Oct 23 06:25:06 UTC 2012


New to nginx, trying to setup a SSL reverse proxy. I have the SSL server and client setup working, but when I add in crl pem it fails

I downloaded the CRL from verisign converted from DER to PEM format and saved.

When I uncomment 
        #ssl_crl /var/www/;
My clients fail to connect, I get an 400 error !

Not sure what the issue is ?



server {
    listen       447 ssl;

        ssl                 on;
        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate     /var/www/;
        ssl_certificate_key /var/www/;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;

        # 1.3.7
        #ssl_client_certificate /var/www/;
        #ssl_trusted_certificate /var/www/;

        ssl_client_certificate /var/www/;
        #ssl_crl /var/www/;

        ssl_verify_client on;
        ssl_verify_depth 3;

    access_log  /var/log/nginx/  main;
    error_log  /var/log/nginx/ warn;

    location / {
        root   /var/www/;
        index  index.html index.htm;
        autoindex on;

More information about the nginx mailing list