SSLVerifyClient ignores expiration date

Question

SSLVerifyClient ignores expiration date

I have a web service and am configured to check client certificates

SSLCACertificateFile /xxxx/rootca-cert.pem

<Location /manage/ccc>
  SSLVerifyClient require
  SSLVerifyDepth 1
  SSLOptions +StdEnvVars
</Location>

My clients work with certificates signed by this rootca-cert.pem.

My problem is that the rootca file will end soon, and it's not easy for me to renew the client-side certificates. Is it possible to configure apache so that it continues to verify client certificates, but ignores the fact that both cortical and client certificates have expired?

+5

ssl apache client

user462301 Feb 01 '12 at 23:44

source share

1 answer

foo · Answer 1 · 2012-11-01T20:17:53+0000

Apache mod_ssl does not allow ignoring expired certificates, even if "optional_no_ca" is used. The only fix is to fix the mod_ssl code or set your server time in time.

SSLVerifyClient ignores expiration date

More articles: