TLSCARevocationPath

Name

TLSCARevocationPath -- Define a path to your CA revocation certificates

Synopsis

TLSCARevocationPath [ Path to a directory with CA revocation certificates]

Default

None

Context

server config, <Global>, <VirtualHost>

Module

mod_tls

Compatibility

1.2.7rc1 and later

Description

The TLSCARevocationPath directive sets the directory for the Certificate Revocation Lists (CRL) of Certification Authorities (CAs) for your clients. These are used during the verification of client certificates, if presented. This directive may be used in addition to, or as alternative for, TLSCARevocationFile.

The files in the configured directory have to be PEM-encoded, and are accessed through hash filenames. This means one cannot simply place the CRLs there: one also has to create symbolic links named hash-value.N. The c_rehash utility that comes with OpenSSL can be used to create the necessary symlinks.

See also

TLSCARevocationFile

Examples

TLSCARevocationPath /etc/ftpd/crl/