New CRL, need to killall -HUP radiusd?

Jason Carr jcarr at andrew.cmu.edu
Wed Apr 19 19:43:55 CEST 2006


Our freeradius server is having a problem with CRL's expiring, however
we have a new CRL copying over every 5 minutes.

We have a 4 hour expire on our CRL's and I'm wondering if I need to
killall -HUP radiusd in order for the new CRL to be picked up.  I was
looking through the code and it seems like the only thing that the
freeradius code does with CRL's is to tell the X509 store to look for
the CRL, but that seems about it.

When I copy my CRL over I do the following...

wget -q http://somesite.com/crl/crlfile.dem -O /tmp/crlfile.dem.new
mv /tmp/crlfile.dem.new /home/freeradius/etc/certs/crlfile.dem
openssl crl -inform dem -outform pem
-in /home/freeradius/etc/certs/crlfile.dem
-out /home/freeradius/etc/certs/crlfile.pem
c_rehash /home/freeradius/etc/certs/

So, do I need to do something or these CRL's to be updated while radiusd
is running?  Any other helpful hints would be greatly appreciated.




More information about the Freeradius-Users mailing list