ssl - Apache not checking crl for revoked certificates -

-

i'm having issue can't identify cause of.

i set-up testing purposes local ca , webserver in virtualbox under ubuntu.

i'm willing try client certificate-authentification.

i got far, can't access webserver without having valid certificate in browser.

the problem is, after revoking certificate, still access server.

in default-ssl.conf (which loaded) have set : 

sslcarevocationfile /etc/ssl/ca/crl/crl.pem

"crl.pem" created using "openssl ca -gencrl /etc/ssl/ca/crl/crl.pem"

openssl crl -in /etc/ssl/ca/crl/crl.pem -text generates following :

certificate revocation list (crl):         version 2 (0x1)     signature algorithm: sha256withrsaencryption         issuer: /c=au/st=some-state/o=internet widgits pty ltd         last update: may 29 13:10:55 2014 gmt         next update: jun 28 13:10:55 2014 gmt         crl extensions:             x509v3 crl number:                  4106 revoked certificates:     serial number: 01         revocation date: may 29 10:35:53 2014 gmt     serial number: 02         revocation date: may 29 00:32:33 2014 gmt     signature algorithm: sha256withrsaencryption          4a:95:31:27:df:2b:d3:5f:91:86:32:18:7e:04:1f:88:99:22:          2b:d6:03:8d:c6:1d:81:ca:06:a0:c3:c2:cf:fe:cb:8a:ec:f9:          7f:bb:37:4c:69:70:1e:43:0c:8e:97:89:f7:32:f8:bf:9c:3b:          fc:b2:25:55:98:a1:fe:7f:fb:ab:79:13:67:d6:75:02:c6:74:          03:34:bc:f3:df:61:d5:0f:e6:1e:24:8b:e7:b0:17:1b:c4:2f:          16:56:44:8d:e4:92:1f:48:51:23:a5:1d:54:26:a4:58:6b:4d:          07:40:bb:48:7f:c1:61:00:55:20:d2:a1:56:f9:38:fa:f9:84:          de:2a:a5:2a:69:82:d7:8b:35:24:5b:4d:ee:c0:33:7c:b6:d6:          83:e2:f8:79:76:f9:04:55:80:45:8c:b1:9d:5b:8d:29:65:f9:          6d:de:d3:d2:53:6e:f0:d2:44:c9:3e:60:ca:67:0f:2b:f9:27:          0d:36:4b:90:d5:fe:7b:23:74:6b:94:e3:93:ea:4f:90:2b:db:          c8:96:29:4b:cc:42:f6:31:27:e6:a2:ce:a3:c8:fa:47:74:bd:          32:51:71:f3:66:fb:2d:76:0f:ca:64:23:55:eb:f8:5e:bc:0d:          eb:f9:e4:7a:7f:72:be:fd:1a:a7:76:32:5e:0f:21:b9:c7:2a:          89:ac:53:26 -----begin x509 crl----- miibytcbsgibatanbgkqhkig9w0baqsfadbfmqswcqydvqqgewjbvtetmbega1ue cawku29tzs1tdgf0ztehmb8ga1uecgwysw50zxjuzxqgv2lkz2l0cybqdhkgthrk fw0xnda1mjkxmzewntvafw0xnda2mjgxmzewntvamcgwegibarcnmtqwnti5mtaz ntuzwjasagecfw0xnda1mjkwmdmymznaoa8wdtalbgnvhrqebaiceaowdqyjkozi hvcnaqelbqadggebaeqvmsffk9nfkyyygh4eh4iziivwa43ghyhkbqddws/+y4rs +x+7n0xpcb5ddi6xifcy+l+co/yyjvwyof5/+6t5e2fwdqlgdam0vppfydup5h4k i+ewfxvelxzwri3kkh9iusolhvqmpfhrtqdau0h/wweavsdsovb5opr5hn4qpspp gtelnsrbte7am3y21opi+hl2+qrvgewmsz1bjsll+w3e09jtbvdsrmk+ympndyv5 jw02s5dv/nsjdguu45pqt5ar28iwkuvmqvyxj+aizqpi+kd0vtjrcfnm+y12d8pk i1xr+f68dev55hp/cr79gqd2ml4pibnhkomsuyy= -----end x509 crl-----

i tried both certificates serial 01 , 02 , i'm able login both of them.

does has idea problem may ?

thank !

try putting following directive in conf files (i.e. default-ssl.conf)

sslcarevocationcheck chain

then stop , start apache2 service , see result.

supawat p.


Comments

Post a Comment

Popular posts from this blog

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more