I am creating a certificate authority and issuing client certificates. I am using NodeJS to check to see if the certificate is valid. I am using the following to initiate my https server:
https.createServer({ca: [xxx], crl: xxx}, app).listen(443);
CA and CRL point to valid files. The problem is, if I revoke a certificate and update the CRL file, node doesn't know unless I restart the process. Is there any way for me to force node to reload the CRL file?
Did you figure this out?
Instead of supplying files you should supply arrays of strings of the file contents.
I believe you could then modify the arrays by adding new revokes on-the-fly, but if I'm mistaken about that, at least you can stop listening on the previous server and start listening on the new server with something like this and have only moments of downtime.
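// Build the replacement server from options that contain the updated CRL.
var newServer = https.createServer(opts, app);
// 'close' fires once the old server has stopped listening and its connections have ended.
server.on('close', function () {
  server = newServer;
  server.listen(port);
});
// Stop accepting new connections on the old server.
server.close();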
I think that will make it such that the original server instance still handles the currently connected clients, but no longer listens for new clients, and when the current clients have disconnected it would get garbage collected. I may be mistaken, but that basic idea will at least get you on the correct path.
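
Added example, not part of the answer above: on Node.js 11 and later, `tls.Server` (which `https.Server` extends) has `setSecureContext()`, which replaces the key, certificate, CA and CRL of a running server without closing it. The file paths and the helper names `readContext`, `createCrlReloader` and `watchCrl` are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const crypto = require('node:crypto');

// Read the material that makes up the server's secure context.
// `paths` is a hypothetical object: { key, cert, ca, crl } file paths.
function readContext(paths) {
  return {
    key: fs.readFileSync(paths.key),
    cert: fs.readFileSync(paths.cert),
    ca: [fs.readFileSync(paths.ca)],
    crl: [fs.readFileSync(paths.crl)],
  };
}

// Returns reload(): 'reloaded' | 'unchanged' | 'error'.
// `server` is an https.Server/tls.Server (anything with setSecureContext).
function createCrlReloader(server, paths, log = console.error) {
  let lastDigest = null;
  return function reload() {
    try {
      const ctx = readContext(paths);
      const digest = crypto.createHash('sha256').update(ctx.crl[0]).digest('hex');
      if (digest === lastDigest) return 'unchanged';
      // Throws if OpenSSL cannot parse the CRL (e.g. a half-written file).
      server.setSecureContext(ctx);
      lastDigest = digest;
      return 'reloaded';
    } catch (err) {
      log(`CRL reload failed, will retry: ${err.message}`);
      return 'error';
    }
  };
}

// Poll the CRL file; unref() so the timer never keeps the process alive.
function watchCrl(server, paths, intervalMs = 30000) {
  const reload = createCrlReloader(server, paths);
  reload();
  return setInterval(reload, intervalMs).unref();
}

// Wiring, using the question's server (paths are placeholders):
//   const paths = { key: 'server.key', cert: 'server.crt', ca: 'ca.crt', crl: 'ca.crl' };
//   const server = https.createServer(
//     { ...readContext(paths), requestCert: true, rejectUnauthorized: true }, app);
//   server.listen(443);
//   watchCrl(server, paths);
```

Connections established before a reload are not interrupted, so a client whose certificate was just revoked keeps any socket it already holds until that socket closes.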