Question about ssl CRL

Alex Samad - Yieldbroker Alex.Samad at yieldbroker.com
Tue Oct 23 06:25:06 UTC 2012


Hi

New to nginx, trying to set up an SSL reverse proxy. I have the SSL server and client setup working, but when I add the CRL PEM file it fails.


I downloaded the CRL from VeriSign, converted it from DER to PEM format, and saved it.

When I uncomment 
        #ssl_crl /var/www/dev.xyz.com/certs/crl.pem;
My clients fail to connect and I get a 400 error!


Not sure what the issue is ?

Thanks
Alex

{code}

# Virtual host for dev.xyz.com on port 447: TLS with mandatory client
# certificates, serving static files from the wwwroot directory.
server {
    listen       447 ssl;
    server_name  dev.xyz.com;



        # Redundant with the "ssl" flag on the listen directive above, which
        # already enables TLS for this socket.
        ssl                 on;
        # NOTE(review): SSLv3 is a broken protocol and TLSv1/TLSv1.1 are
        # deprecated; restrict this to TLSv1.2 and later where clients allow.
        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        # NOTE(review): every suite here uses static-RSA key exchange (no
        # forward secrecy), and the list includes RC4, 3DES and an MD5 MAC,
        # all of which are considered weak. Prefer ECDHE suites with AES-GCM.
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        # Server certificate and its private key. The key file should be
        # readable only by the account that starts nginx.
        ssl_certificate     /var/www/dev.xyz.com/certs/dev.xyz.com.crt;
        ssl_certificate_key /var/www/dev.xyz.com/certs/dev.xyz.com.key;
        # Session cache named "SSL", 10 MB, shared between worker processes;
        # cached sessions may be resumed for 10 minutes.
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;


        # 1.3.7
        # Presumably the nginx version these two lines target:
        # ssl_trusted_certificate lets CA certificates be trusted for
        # verification without their names being sent to clients, while
        # ssl_client_certificate CAs are advertised in the handshake.
        #ssl_client_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.AcceptableUserCertsCA;
        #ssl_trusted_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.UserCertsCA;

        # CA certificates (PEM) used to verify client certificates.
        ssl_client_certificate /var/www/dev.xyz.com/certs/dev.xyz.com.UserCertsCA;
        # NOTE(review): once ssl_crl is set, nginx asks OpenSSL to check
        # revocation for every certificate in the client chain, not only the
        # leaf. The file therefore needs a current PEM CRL from each CA in the
        # chain (root and intermediates), concatenated. With a single CRL the
        # verification fails ("unable to get certificate CRL") and, with
        # ssl_verify_client on, the request is answered with 400 -- the likely
        # cause of the failure reported here. CRLs also expire: refresh the
        # file before its nextUpdate time and reload nginx, or clients will be
        # rejected again.
        #ssl_crl /var/www/dev.xyz.com/certs/crl.pem;

        # Require a valid client certificate on every connection; accept
        # chains up to 3 certificates deep.
        ssl_verify_client on;
        ssl_verify_depth 3;

    access_log  /var/log/nginx/dev.xyz.com.access.log  main;
    # NOTE(review): client certificate verify errors are logged at "info"
    # level, so they do not appear at "warn"; lower the level to info while
    # diagnosing the CRL failure.
    error_log  /var/log/nginx/dev.xyz.com.error.log warn;

    location / {
        root   /var/www/dev.xyz.com/wwwroot/;
        index  index.html index.htm;
        # NOTE(review): autoindex exposes a directory listing, so every file
        # under wwwroot is discoverable by any client that authenticates.
        # Turn it off unless browsing is intended.
        autoindex on;
    }
# NOTE(review): the closing "}" of the server block is missing from this paste.



