[CentOS] Certificates Revocation Lists and Apache...
centos at linuxpowered.net
Wed Nov 4 15:40:41 UTC 2009
John Doe wrote:
> [warn] Invalid signature on CRL
> [error] Certificate Verification: Error (8): CRL signature failure
Any relation to this?
I've worked with a lot of ssl stuff in apache but have never
touched CRL before.
Interestingly enough I found last year that some of verisign's
CRLs weren't built to scale, one of our customers put some content
on their site that pointed back to us, which then triggered a call
to the CRL for those people using IE and Symantec anti virus(which
turned on the CRL option in IE), the site was a very high traffic
site and the customers routinely got errors from the CRL site
because it was overloaded with requests.
So few use CRL, I really don't see the benefit, but I suppose in
really controlled environments it could be useful(just not to me).
More information about the CentOS