EAP-TLS - CRL Checking - Expired?

Benjamin Bennett ben at psc.edu
Tue Nov 7 03:36:02 CET 2006


Stephen Bowman wrote:
> What determines the expire time of a CRL?
> 
> I noticed that within the CRL there is a Next Update field.. is this
> what it uses?

yes.  You will probably want to make sure that you generate and
distribute new CRLs on a schedule that leaves you with enough time to
detect/correct failures before hitting the previous CRL's NextUpdate.

--ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061106/a7818a3f/attachment.pgp>


More information about the Freeradius-Users mailing list