x509-use-crl

Use the certificate revocation list

Syntax

--x509-use-crl

Description

x509-use-crl specifies that the server instance uses the certificate revocation list (CRL). By default, instances do not use any CRLs. In this case, the CRLs in the certificate authority store are ignored.

If x509-use-crl is added, the CRLs are loaded and participate in the client certificate verification. If the CRL has expired, the SSL handshake is rejected.

Examples

The instance uses certificate revocation list when authenticating clients.

--x509-use-crl