httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Thu, 09 Jun 2011 12:18:05 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

--- Comment #5 from Rob Stradling <rob@comodo.com> 2011-06-09 12:18:05 UTC ---
(In reply to comment #4)
> I've now been investigating if the stapling correctry works.
> The build successfully conpleted and the apache process invoked without error.
> But when I access to the apache via IE8 and firefox 3.5, no OCSP request comes
> from the apache.
> 
> The browser's behaviour:
> IE8 directly requests to the OCSP responder.

What version of Windows are you using?
IE8 on XP doesn't support OCSP Stapling.

> Firefox shows "Invalid OCSP signing certificate in OCSP response." and stops
> the connection.

No version of Firefox supports OCSP Stapling yet.

<snip>
> The following error log was generated by the apache:
> [Mon Jun 06 19:01:50.275314 2011] [ssl:error] [pid 17404:tid 3075525520]
> stapling_check_response: response times invalid

I wonder if the "response times invalid" error from Apache and the "Invalid
OCSP signing certificate" error from Firefox are related.

Has your OCSP Signing Certificate expired, by any chance?

Is your httpd-2.3.12-beta server publicly accessible?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message