Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency for

                        RA and TPS
Bugzilla Bug #492180 -  Security officer: token recovery for a security officer
                        throws error 28 'connection to server lost'.


git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@348 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

2 files changed, 21 insertions, 0 deletions

diff --git a/pki/base/ra/apache/conf/httpd.conf b/pki/base/ra/apache/conf/httpd.conf
index b3e36d279..e3b244b58 100644
--- a/pki/base/ra/apache/conf/httpd.conf
+++ b/pki/base/ra/apache/conf/httpd.conf
@@ -254,6 +254,8 @@ LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
 LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
 # Required module for commands in nss.conf:
 [FORTITUDE_NSS_MODULES]
+# Required module for commands in revocator.conf:
+[FORTITUDE_REVOCATOR_MODULES]
 
 <Location /nk_service>
     SetHandler nk_service
diff --git a/pki/base/ra/apache/conf/revocator.conf b/pki/base/ra/apache/conf/revocator.conf
new file mode 100644
index 000000000..dda30132b
--- /dev/null
+++ b/pki/base/ra/apache/conf/revocator.conf
@@ -0,0 +1,19 @@
+#   CRL Engine Switch:
+#   Enable/Disable CRL retrieval
+
+CRLEngine on
+
+#   CRL Age Check Switch:
+#   Shut the server down if a CRL expires
+CRLAgeCheck off
+
+#   CRL Update Critical Switch:
+#   Shut the server down if a CRL cannot be retrieved
+CRLUpdateCritical off
+
+#   CRL URLs:
+#   A space delimited list of URLs to retrieve and install.
+#        protocol://urldata;update_interval;max_age
+#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30"
+#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
+#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"