You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I currently combine several CA certificates and set it as 'lua_ssl_trusted_certificate', it works when I make https requests with different CA certificates. Now I try to add a parameter 'lua_ssl_crl' to enable crl certification, it seems that crl file can also be combined to one file, but when I try to make a https requests with CA certificate in 'lua_ssl_trusted_certificate' and CRL file not in 'lua_ssl_crl', nginx would report '3: unable to get certificate CRL', whereas a https requests with CA certificate in 'lua_ssl_trusted_certificate' and CRL file in 'lua_ssl_crl' would report '23: certificate revoked' (which is what I expect). My question is, is it necessary to add an associated CRL to 'lua_ssl_crl' when I add a new CA certificate to 'lua_ssl_trusted_certificate'?
The text was updated successfully, but these errors were encountered:
In other words, If I set TWO differrent CA certificates (CA1 and CA2) in lua_ssl_trusted_certificate, and only ONE CRL issued by CA1 in lua_ssl_crl, whether the CRL issued by CA2 is mandatory when OpenResty verifies certificates?
OpenResty version: 1.21.4.1
I currently combine several CA certificates and set it as 'lua_ssl_trusted_certificate', it works when I make https requests with different CA certificates. Now I try to add a parameter 'lua_ssl_crl' to enable crl certification, it seems that crl file can also be combined to one file, but when I try to make a https requests with CA certificate in 'lua_ssl_trusted_certificate' and CRL file not in 'lua_ssl_crl', nginx would report '3: unable to get certificate CRL', whereas a https requests with CA certificate in 'lua_ssl_trusted_certificate' and CRL file in 'lua_ssl_crl' would report '23: certificate revoked' (which is what I expect). My question is, is it necessary to add an associated CRL to 'lua_ssl_crl' when I add a new CA certificate to 'lua_ssl_trusted_certificate'?
The text was updated successfully, but these errors were encountered: