Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



, , , ޣ , .

nginx .

, ssl_crl


[root@almaz /usr/local/nginx/conf]# uname -sr



[root@almaz /usr/local/nginx/conf]# nginx -t

the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

configuration file /usr/local/nginx/conf/nginx.conf test is successful



[root@almaz /usr/local/nginx/conf]# nginx -V

nginx version: nginx/0.8.13

built by gcc 4.2.1 20070719 [FreeBSD]

configure arguments: --with-http_ssl_module


[root@almaz /usr/local/nginx/conf]# openssl version

OpenSSL 0.9.8e 23 Feb 2007


[root@almaz /usr/local/nginx/conf]# grep -i ssl nginx.conf

ssl on;

#ssl_protocols SSLv2 SSLv3 TLSv1;

ssl_protocols SSLv3 TLSv1;

ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;

ssl_certificate /usr/local/nginx/conf/almaz.pem;

ssl_certificate_key /usr/local/nginx/conf/almaz.key;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 10m;

ssl_client_certificate /usr/local/nginx/conf/chain.pem;

ssl_crl /usr/local/nginx/conf/crl.crl;

ssl_verify_client on;

ssl_verify_depth 2;


[root@almaz /usr/local/nginx/conf]# openssl crl -CAfile chain.pem -inform PEM -in crl.crl -lastupdate -nextupdate -noout

verify OK

lastUpdate=Sep 10 06:53:35 2009 GMT

nextUpdate=Sep 17 19:13:35 2009 GMT




[root@almaz /usr/local/nginx/conf]# less ../logs/error.log | tail -n 1

2009/09/10 22:08:46 [info] 7261#0: *2 client SSL certificate verify error: (3:unable to get certificate CRL) while reading client request headers, client: *.*.106.15, server: almaz.*.ru, request: "GET / HTTP/1.1", host: "almaz.*.ru"


[root@almaz /usr/local/nginx/conf]#


, .

7-(383)-336-10-36 /1591



Copyright © Lexa Software, 1996-2009.