httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Neves <>
Subject RE: [users@httpd] OCSP, CRL, apache and openssl questions
Date Fri, 25 Jun 2010 09:43:06 GMT


Shouldnt i use OCSP at all?
Should I post this in openssl lists instead?


Date: Wed, 16 Jun 2010 16:20:35 +0000
Subject: [users@httpd] OCSP, CRL, apache and openssl questions

Hi there,

I am unable to use the SSLOCSPEnable directive in ssl.conf

My httpd-2.2.3-6 running on RHEL5 gives a unknown module error when restarted:
"nvalid command 'SSLOCSPEnable', perhaps misspelled or defined by a module not included in
the server configuration"

it says that SSLOCSPEnable is "Available in httpd 2.3 and later"

so, do I need to download and compile httpd 2.3 on my RHEL to be able to use OCSP?
what alternatives do I have?

And what about using apache+mod_nss to be able to use OCSP with my current apache to "validate"
expired client X509 certificates instead of apache+mod_ssl?

Or at this state of apache development should I forget OCSP and try to use CRL and automate
CRL updates using some cron job and some scripting?

Luis Neves
Hotmail: Powerful Free email with security by Microsoft. Get it now. 		 	   		  
Hotmail: Free, trusted and rich email service.
View raw message