Certificate Revocation List Module

Generate and return a certificate revocation list as a response.

What does it do?

Based on the configuration of the backend modules, the certificate revocation list is returned DER or PEM encoded as per RFC 5280.

Module Integration

The mod_crl module is a frontend module and will not do anything useful until it has been combined with one or more of the backend modules listed below. The mod_crl module uses the following hook to get the certificate revocation list, and suitable backend modules must be configured to implement the hook as needed.

All frontend modules run within a standard Apache httpd request, and standard httpd functionality applies in all cases.

Certificate Revocation List Hook

This hook returns the certificate revocation list for the configured certificate authority.

mod_ca_crl: Read the certificate sign request from disk.

Examples

Basic Example

The simplest case: return the certificate revocation list to anybody who wants one.


# backend configuration:
<IfModule mod_ca_crl.c>
  # return this crl
  CACRLCertificateRevocationList /etc/pki/tls/ca-crl.pem
</IfModule>

# frontend configuration:
<IfModule mod_crl.c>
  <Location /crl>
    SetHandler crl
  </Location>
</IfModule>

Handler Reference

The following parameters to the SetHandler directive are supported.

crl Handler

After calling the getcrl hook, return the DER or PEM encoded certificate revocation list.

SetHandler crl

Directive Reference

CrlFreshness Directive

Description: The max-age of the certificate revocation list will be divided by this factor.
Syntax: CrlFreshness factor [max-seconds]
Default: CrlFreshness 2 86400
Context: server config, virtual host, directory, .htaccess
Status: Frontend
Module: mod_crl
Compatibility: Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later

The age of the certificate revocation list will be divided by this factor when added as a max-age. Set to zero to disable. Defaults to "2". An optional maximum value in seconds can be specified, which defaults to one day.

CrlLocation Directive

Description: Set the URL location of the WADL returned by the OPTIONS method.
Syntax: CrlLocation url
Default: CrlLocation [current-URL]
Context: server config, virtual host, directory, .htaccess
Status: Frontend
Module: mod_crl
Compatibility: Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later

Set the URL location of the WADL returned by the OPTIONS method.

CrlEncoding Directive

Description: Set the default encoding to be returned if not specified.
Syntax: CrlEncoding encoding
Default: CrlEncoding der
Context: server config, virtual host, directory, .htaccess
Status: Frontend
Module: mod_crl
Compatibility: Introduced in mod_crl 0.2.0 and works with Apache HTTP Server 2.4.0 and later

Set the default encoding to be returned if not specified. Must be one of "pem", "x-pem" or "der".
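
The following is an added example, not part of the mod_crl documentation, that combines the CrlEncoding and CrlFreshness directives with the backend from the Basic Example. The /crl-pem path and the values 4 and 3600 are assumptions chosen for illustration; a lower max-age makes caches refetch sooner, so newly revoked certificates reach relying parties faster.

```apache
# backend configuration (same as the Basic Example):
<IfModule mod_ca_crl.c>
  CACRLCertificateRevocationList /etc/pki/tls/ca-crl.pem
</IfModule>

# frontend configuration:
<IfModule mod_crl.c>

  # Documented defaults, written out explicitly:
  # DER encoding, max-age derived by dividing by 2, capped at one day.
  <Location /crl>
    SetHandler crl
    CrlEncoding der
    CrlFreshness 2 86400
  </Location>

  # Hypothetical second endpoint (path is an assumption):
  # PEM by default, and a tighter caching policy. The factor 4 and
  # the 3600 second (one hour) maximum are illustrative values.
  <Location /crl-pem>
    SetHandler crl
    CrlEncoding pem
    CrlFreshness 4 3600
  </Location>

</IfModule>
```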