Hitachi

Hitachi Application Server V10 Definition Reference Guide (For UNIX® Systems)


2.3.152 SSLCRLAuthoritative

SSLCRLAuthoritative specifies the behavior when the date of the next CRL issuance passes.

Description

SSLCRLAuthoritative specifies how to handle the next issuance date of the CRL to be used for SSL client authentication.

Syntax

SSLCRLAuthoritative {On|Off}

Specifiable values

On

In SSL client authentication, if the next issuance date of the CRL corresponding to the client certificate has passed, authentication fails, and the web server denies access to the client. For this reason, the CRL must be handled properly, that is, kept up to date.

Off

Ignores the next issuance date of the CRL. Because the CRL is treated as valid even after its next issuance date has passed, a client whose certificate is not registered in the CRL can still access the server. The security level is reduced, because certificates revoked after the CRL was issued are not registered in it, but the service can continue running at the minimum level of security even if the CRL is not handled properly.

Default value

If the definition item is omitted

On

Locations where it can be written

httpsd.conf and <VirtualHost>

Example

SSLCRLAuthoritative On

After the next issuance date of a CRL passes, the web server denies access to clients holding a certificate issued by the CA that issued that CRL.
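With SSLCRLAuthoritative On, a CRL whose next issuance date has passed causes client authentication to fail, so it helps to check that date before it arrives. The following monitoring check is an added example, not part of the Hitachi guide or product. It assumes the openssl command is installed and the CRL is a PEM file. The function names, the three-day warning window and the sample line are constructed for illustration.

```python
# Added example: warn before a CRL's next issuance date (nextUpdate) passes.
# Assumes the openssl CLI is on PATH and the CRL file is PEM encoded.
import subprocess
import sys
from datetime import datetime, timedelta, timezone


def parse_next_update(line):
    """Parse the 'nextUpdate=...' line printed by `openssl crl -nextupdate`."""
    key, _, value = line.strip().partition("=")
    if key != "nextUpdate":
        raise ValueError(f"unexpected openssl output: {line!r}")
    if value == "NONE":  # the CRL carries no nextUpdate field
        return None
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def crl_state(next_update, now, warn=timedelta(days=3)):
    """Classify a CRL relative to its next issuance date."""
    if next_update is None:
        return "no-next-update"
    if now >= next_update:
        return "passed"    # with SSLCRLAuthoritative On, authentication fails
    if next_update - now <= warn:
        return "expiring"  # obtain the newly issued CRL now
    return "ok"


def check_crl_file(path, now=None):
    """Read nextUpdate from a CRL file with openssl and classify it."""
    out = subprocess.run(
        ["openssl", "crl", "-in", path, "-noout", "-nextupdate"],
        check=True, capture_output=True, text=True).stdout
    return crl_state(parse_next_update(out), now or datetime.now(timezone.utc))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the CRL file, for example from cron
        state = check_crl_file(sys.argv[1])
    else:                  # constructed sample line, no CRL file needed
        sample = "nextUpdate=Mar  4 12:00:00 2025 GMT"
        state = crl_state(parse_next_update(sample),
                          datetime(2025, 3, 2, tzinfo=timezone.utc))
    print(state)
    sys.exit(0 if state == "ok" else 1)
```

The script exits with a non-zero status for any state other than "ok", so a scheduler or monitoring agent can alert on it.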