How to use "Classic" CRL?

Phil Mayers p.mayers at imperial.ac.uk
Wed Jan 11 10:01:04 CET 2012


On 01/10/2012 08:31 PM, Christ Schlacta wrote:
> Is it possible yet to configure freeradius TLS to use a classic CRL, as
> in a single file that's downloaded from the authority every once in a
> while that is a.. well, CRL, rather than a directory with hashed stuff
> in it? I'm not in front of my fr right now, so I don't know the exact
> terminology used in the config, but you know what I'm talking about.
> This hashed folder of stuff makes it very difficult to maintain a CRL
> with freeradius, because, at least in part, it adds an additional level
> of complexity not present in every other openssl application.

That's not entirely true. FreeRADIUS just uses the OpenSSL APIs, and 
other OpenSSL applications use similar mechanisms.

I'm also not sure why running the OpenSSL "c_rehash" command/script is 
"very difficult" for you; can you explain?

Anyway, the answer is no - FreeRADIUS does not offer any config option 
to point to a single CRL file. For one thing, a CRL file limits you to a 
single CA. CRL directories are the more general mechanism.
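
What `c_rehash` does for a single CRL, as an added example that is not part of the original post: the functions below check that a downloaded PEM CRL parses and install it under the `<issuer-hash>.rN` name OpenSSL looks up in a hashed directory. The function names and the paths in the usage comment are hypothetical; the script copies the file rather than symlinking it, and it does not verify the CRL's signature.

```shell
#!/bin/sh
# Added example (not FreeRADIUS or OpenSSL project code).
# Hypothetical usage: install_crl /tmp/ca.crl.pem /path/to/crl-dir

# Print the first unused "<hash>.rN" file name in directory $1 for hash $2.
next_crl_slot() {
    dir=$1 hash=$2 n=0
    while [ -e "$dir/$hash.r$n" ]; do
        n=$((n + 1))
    done
    printf '%s.r%s\n' "$hash" "$n"
}

# Install PEM CRL file $1 into hashed directory $2; print the installed path.
install_crl() {
    crl=$1 dir=$2
    # Reject anything OpenSSL cannot parse as a CRL (for example an HTML
    # error page saved by a failed download). This is a parse check only.
    hash=$(openssl crl -in "$crl" -noout -hash) || return 1
    issuer=$(openssl crl -in "$crl" -noout -issuer) || return 1

    # If this issuer already has a CRL here, replace it instead of adding
    # a stale duplicate; different issuers may share a hash, hence .rN.
    target=
    for f in "$dir/$hash".r*; do
        [ -e "$f" ] || continue
        if [ "$(openssl crl -in "$f" -noout -issuer 2>/dev/null)" = "$issuer" ]; then
            target=$f
            break
        fi
    done
    [ -n "$target" ] || target=$dir/$(next_crl_slot "$dir" "$hash")

    # Write to a temporary file in the same directory and rename it, so a
    # reader of the directory never sees a half-written CRL.
    tmp=$(mktemp "$dir/.crl.XXXXXX") || return 1
    if cp "$crl" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"; then
        printf '%s\n' "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}
```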


