httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Thu, 09 Jun 2011 12:18:05 GMT

--- Comment #5 from Rob Stradling <> 2011-06-09 12:18:05 UTC ---
(In reply to comment #4)
> I've now been investigating if the stapling correctry works.
> The build successfully conpleted and the apache process invoked without error.
> But when I access to the apache via IE8 and firefox 3.5, no OCSP request comes
> from the apache.
> The browser's behaviour:
> IE8 directly requests to the OCSP responder.

What version of Windows are you using?
IE8 on XP doesn't support OCSP Stapling.

> Firefox shows "Invalid OCSP signing certificate in OCSP response." and stops
> the connection.

No version of Firefox supports OCSP Stapling yet.

> The following error log was generated by the apache:
> [Mon Jun 06 19:01:50.275314 2011] [ssl:error] [pid 17404:tid 3075525520]
> stapling_check_response: response times invalid

I wonder if the "response times invalid" error from Apache and the "Invalid
OCSP signing certificate" error from Firefox are related.

Has your OCSP Signing Certificate expired, by any chance?

Is your httpd-2.3.12-beta server publicly accessible?

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message