CRL updates not detected automatically
Orion Poplawski
orion at nwra.com
Mon Sep 19 15:32:11 UTC 2022
Hello -
We are running freeradius on EL7/EL8 machines:
freeradius-3.0.13-15.el7.x86_64
freeradius-3.0.20-12.module_el8.6.0+2865+fd6928c8.x86_64
and have just enabled CRL checking with `check_crl = yes` in mods-enabled/eap.
We also have a script to update the CRL files - but radiusd seems to require a
restart in order to load the new CRL. Is this expected? It seems rather
problematic.
Our certs directory looks like:
lrwxrwxrwx. 1 root root 15 Sep 13 05:05 241bed0c.0 -> ad.nwra.com.crt
lrwxrwxrwx. 1 root root 22 Sep 13 05:05 241bed0c.r0 -> ad-AD-SEATTLE01-CA.crl
lrwxrwxrwx. 1 root root 10 Sep 13 05:05 599be2cf.0 -> ipa_ca.crt
lrwxrwxrwx. 1 root root 7 Sep 13 05:05 599be2cf.r0 -> ipa.crl
-rw-r--r--. 1 root radiusd 4850 Sep 19 08:20 ad-AD-SEATTLE01-CA.crl
-rw-r-----. 1 root radiusd 2024 Sep 13 05:04 ad.nwra.com.crt
-rw-r-----. 1 root radiusd 1276 Sep 13 05:04 ipa_ca.crt
-rw-r--r--. 1 root radiusd 1507 Sep 19 08:20 ipa.crl
Thanks,
Orion
--
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
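The post reports that radiusd appeared to need a restart before it used an updated CRL. The following is an added example, not code from the post or from the FreeRADIUS project: a check an update script could run over a hashed certs directory like the one listed above, reporting CRL links whose target changed after a given time and links whose target is missing. The function name `audit_crl_dir` and the idea of passing the daemon's start time as epoch seconds are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Report CRLs in an OpenSSL hashed directory that changed after a reference time."""
import os
import re
import sys

# OpenSSL hashed-directory CRL links are named <8 hex digits>.r<N>, e.g. 241bed0c.r0
CRL_LINK = re.compile(r"^[0-9a-f]{8}\.r\d+$")


def audit_crl_dir(certs_dir, loaded_at):
    """Return (changed, dangling) for the CRL hash links in certs_dir.

    changed:  (link, resolved target) pairs whose target was modified after
              loaded_at (epoch seconds), i.e. CRLs that a daemon started at
              loaded_at has not read if it only loads CRLs at startup.
    dangling: links whose target is missing, e.g. removed mid-update.
    """
    changed, dangling = [], []
    for name in sorted(os.listdir(certs_dir)):
        if not CRL_LINK.match(name):
            continue  # skip certificates (<hash>.N) and the plain files
        path = os.path.join(certs_dir, name)
        try:
            mtime = os.stat(path).st_mtime  # follows the symlink to the CRL
        except FileNotFoundError:
            dangling.append(name)
            continue
        if mtime > loaded_at:
            changed.append((name, os.path.realpath(path)))
    return changed, dangling


if __name__ == "__main__":
    # Usage: audit_crl.py CERTS_DIR EPOCH_SECONDS
    # EPOCH_SECONDS is when radiusd was last (re)started; how that value is
    # obtained (service manager, ps, a marker file) is left to the caller.
    certs_dir, loaded_at = sys.argv[1], float(sys.argv[2])
    changed, dangling = audit_crl_dir(certs_dir, loaded_at)
    for name, target in changed:
        print(f"{name} -> {target}: modified after the daemon started")
    for name in dangling:
        print(f"{name}: dangling link")
    sys.exit(1 if changed or dangling else 0)
```

A non-zero exit status lets the calling update script decide whether to restart the service or raise an alert.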