diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-09-05 13:47:51 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2019-09-05 14:59:34 +0300 |
commit | 521797cbe696c99d360a7de93e3f096a6a962a21 (patch) | |
tree | 5690f6a583f1ebca4e1b1a414e94dbb4e87db279 /README.md | |
parent | 05c3396dd08b75903f2514efc9b1dab2325d2644 (diff) | |
download | dmvpn-tools-521797cbe696c99d360a7de93e3f096a6a962a21.tar.bz2 dmvpn-tools-521797cbe696c99d360a7de93e3f096a6a962a21.tar.xz |
dmvpn-crl-update: mirror using wgetv1.2.0
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -100,14 +100,28 @@ private key, and the root certificate. The password is embedded in the file name. The file should be renamed when using out-of-band delivery for the password. -## Setting Up CRL Distribution Point +## Setting Up a CRL Distribution Point -In this example, the CA host serves also as the CRL distribution point. It is -assumed that `crl.example.com` resolves to the IP address of that host. +In this example, the CA host serves also as the master CRL distribution point. +In addition, there may be other distribution points which periodically mirror +the CRL from the CA host. It is assumed that `ca.example.com` resolves to the +CA host and `crl.example.com` resolves to the IP addreses of all distribution +points. -Execute the following commands on the CA host to set up CRL distribution: +Install the CRL distribution point package on the target host (CA host or +mirror): <pre>apk add dmvpn-crl-dp +</pre> + +If setting up a mirror, configure the master distribution point by creating a +file named `/etc/dmvpn-crl-dp.conf` with the following contents: +<pre>MASTER_CRL_URL=http://ca.example.com/dmvpn-ca.crl +</pre> + +Activate CRL distribution by executing the following commands: + +<pre> dmvpn-crl-update rc-update add lighttpd rc-service lighttpd start |