[RADIATOR] CRL reload error

Heikki Vatiainen hvn at open.com.au
Wed Feb 1 16:07:32 CST 2012


On 02/01/2012 03:42 PM, Alexander Hartmaier wrote:

Hello Alexander,

> I've encountered another problem.
> I've written a bash script that downloads the CRL once a day at one
> o'clock in the morning local time and restarts Radiator afterwards
> because of the OpenSSL CRL caching.
> The CRL lifetime ends about 30 minutes later and Radiator rejects all
> auths after that time because the CRL isn't up to date any more.
> Do you have a solution for downloading the CRL in sync with its lifetime?

There's nothing in goodies for this. If required, I would probably do
this by checking the output from the openssl crl -nextupdate command and
then scheduling the update based on that.

A quick search for possible scripts found this candidate. Maybe it might
be useful for ideas of how to do this?

http://www.id.ee/11051

See 'Sample script for automatic renewal ...'.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
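
Added example, not part of the original message or of Radiator's goodies: a sketch of the approach suggested above, reading the nextUpdate field with openssl crl -nextupdate and reporting when a refresh is due. It assumes GNU date and a PEM-encoded CRL; the function names, the one-hour default margin and all paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU date and a PEM-encoded CRL.

# Turn "nextUpdate=Feb  1 07:30:00 2012 GMT" into epoch seconds.
# Fails on unexpected input and on "nextUpdate=NONE" (CRL without the field).
crl_next_update_epoch() {
    case $1 in
        nextUpdate=NONE) return 1 ;;
        nextUpdate=*) date -u -d "${1#nextUpdate=}" +%s 2>/dev/null ;;
        *) return 1 ;;
    esac
}

# Succeeds when "now" is inside the safety margin before nextUpdate, or past it.
# Args: now_epoch next_update_epoch margin_seconds
crl_refresh_due() {
    [ "$1" -ge $(( $2 - $3 )) ]
}

# Check a CRL file: 0 = refresh now, 1 = still fresh, 2 = could not read it.
# Status 2 deserves an alert, since an unreadable CRL also ends in rejected auths.
crl_check() {
    crl_file=$1
    margin=${2:-3600}   # hypothetical default: refresh one hour before expiry
    line=$(openssl crl -in "$crl_file" -noout -nextupdate) || return 2
    next=$(crl_next_update_epoch "$line") || return 2
    if crl_refresh_due "$(date +%s)" "$next" "$margin"; then
        echo "refresh due, $line"
        return 0
    fi
    echo "still fresh, $line"
    return 1
}

# Run directly: sh crl-check.sh /path/to/crl.pem [margin_seconds]
# From cron every few minutes, chained to the existing download-and-restart
# script (placeholder path):
#   sh crl-check.sh /path/to/crl.pem 3600 && /path/to/download-and-restart.sh
if [ "$#" -ge 1 ]; then
    crl_check "$@"
fi
```

Running the check frequently and refreshing only inside the margin keeps the download tied to the CRL's own lifetime instead of a fixed clock time.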

