httpd-users mailing list archives

From daniel bryan <danbrya...@gmail.com>
Subject [users@httpd] Multiple OCSP Responders
Date Tue, 04 Feb 2014 22:04:09 GMT
Is there a way to configure httpd to use specific responders for specific
issuers?

For example: Suppose I have 2 self-signed root CAs, CA1 and CA2.  I also
have 2 OCSP responders. RSP1 signed off CA1 and RSP2 signed off CA2.  I
would like to know if it's possible to configure a web server to send all
client auth requests from users issued off CA1 to RSP1 and all clients
issued off CA2 to RSP2.  I am aware that the AIA extension allows you to
map a certificate to a responder but I am looking for alternative solutions
that allow the server to make the choice when no AIA is present.

Something like:

SSLOCSPEnable on
SSLOCSPMATCH (regular expression to match Subject line of a CA1) http://rsp1.domain.com:80/
SSLOCSPMATCH (regular expression to match Subject line of a CA2) http://rsp2.domain.com:80/

Thanks,

Dan Bryan
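
The selection rule described in the message above (use the AIA responder when the certificate has one, otherwise choose by issuer), written as an added example with the openssl command-line tool; it is not httpd configuration and not part of the original message. The issuer patterns and the function names `pick_responder` and `make_client_cert` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not httpd configuration): pick an OCSP responder per client cert.
# Rule from the post: use the AIA OCSP URL if the certificate carries one,
# otherwise choose by issuer. Only meaningful for certificates whose chain
# has already been validated; an unverified issuer name proves nothing.

# One "responder-URL issuer-regex" per line, matched against the RFC 2253
# issuer DN. URLs are from the post; the anchored patterns are assumptions.
OCSP_MAP='http://rsp1.domain.com:80/ ^CN=CA1(,|$)
http://rsp2.domain.com:80/ ^CN=CA2(,|$)'

pick_responder() {   # $1 = PEM certificate; prints a URL, or returns 1
    aia=$(openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null)
    if [ -n "$aia" ]; then printf '%s\n' "$aia"; return 0; fi
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 |
             sed 's/^issuer= *//')
    while read -r url pattern; do
        if printf '%s\n' "$issuer" | grep -Eq -- "$pattern"; then
            printf '%s\n' "$url"; return 0
        fi
    done <<EOF
$OCSP_MAP
EOF
    return 1         # unknown issuer: no responder, the caller should reject
}

# Constructed test material: creates a throwaway CA with CN=$1 and writes a
# client certificate issued by it to $2; optional $3 is an AIA OCSP URL.
make_client_cert() {
    d=$(mktemp -d) || return 1
    printf 'basicConstraints = CA:FALSE\n' > "$d/ext.cnf"
    [ -n "${3:-}" ] && printf 'authorityInfoAccess = OCSP;URI:%s\n' "$3" >> "$d/ext.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$1" -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client" \
        -keyout "$d/c.key" -out "$d/c.csr" 2>/dev/null || { rm -rf "$d"; return 1; }
    rc=0
    openssl x509 -req -in "$d/c.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$2" 2>/dev/null || rc=$?
    rm -rf "$d"; return $rc
}
```

The patterns are anchored so that an issuer named `CA10` does not fall through to the `CA1` responder, and a certificate from an unlisted issuer gets no responder at all rather than a default.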
