diff options
author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-29 03:53:19 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-29 03:53:19 +0000 |
commit | 6c20ba0ca3f1eba1ebe9483f21143f37b54e3197 (patch) | |
tree | 7d667ce6c2c9630872773455312b7e49b13f1635 /pki/base/ra/apache | |
parent | ea9e8b305e9a50f45d79738389aca4df6bf52aaf (diff) | |
download | pki-6c20ba0ca3f1eba1ebe9483f21143f37b54e3197.tar.gz pki-6c20ba0ca3f1eba1ebe9483f21143f37b54e3197.tar.xz pki-6c20ba0ca3f1eba1ebe9483f21143f37b54e3197.zip |
Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency for
RA and TPS
Bugzilla Bug #492180 - Security officer: token recovery for a security officer
throws error 28 'connection to server lost'.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@348 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra/apache')
-rw-r--r-- | pki/base/ra/apache/conf/httpd.conf | 2 | ||||
-rw-r--r-- | pki/base/ra/apache/conf/revocator.conf | 19 |
2 files changed, 21 insertions, 0 deletions
diff --git a/pki/base/ra/apache/conf/httpd.conf b/pki/base/ra/apache/conf/httpd.conf index b3e36d279..e3b244b58 100644 --- a/pki/base/ra/apache/conf/httpd.conf +++ b/pki/base/ra/apache/conf/httpd.conf @@ -254,6 +254,8 @@ LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so # Required module for commands in nss.conf: [FORTITUDE_NSS_MODULES] +# Required module for commands in revocator.conf: +[FORTITUDE_REVOCATOR_MODULES] <Location /nk_service> SetHandler nk_service diff --git a/pki/base/ra/apache/conf/revocator.conf b/pki/base/ra/apache/conf/revocator.conf new file mode 100644 index 000000000..dda30132b --- /dev/null +++ b/pki/base/ra/apache/conf/revocator.conf @@ -0,0 +1,19 @@ +# CRL Engine Switch: +# Enable/Disable CRL retrieval + +CRLEngine on + +# CRL Age Check Switch: +# Shut the server down if a CRL expires +CRLAgeCheck off + +# CRL Update Critical Switch: +# Shut the server down if a CRL cannot be retrieved +CRLUpdateCritical off + +# CRL URLs: +# A space delimited list of URLs to retrieve and install. +# protocol://urldata;update_interval;max_age +#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30" +#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30" +#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30" |