httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Tue, 08 Nov 2011 19:04:45 GMT

--- Comment #15 from Kai Engert <> 2011-11-08 19:04:45 UTC ---
I've installed Apache 2.3.14-beta with OCSP stapling enabled at: - good certificate - revoked certificate

Thanks to StartCom for providing me with free certificates, and also for
providing a free revocation service.

Note to other CAs, (as inspired by Gerv's and Joe's recommendation to test
against additional CA vendors):

I'm willing to install additional certificates - good and revoked - at
additional ports on my server.

If you operate a CA trusted by Firefox, your certificates include AIA OCSP, and
you would like to contribute one good and one revoked certificate to me for
free, please get in contact with me, and I will send you two CSRs for

I've started to enhance the NSS client tools [1] to request, retrieve and dump
OCSP stapling information.

My test against (a) was successful.

I've performed initial testing using Firefox, based on a work-in-progress patch
[2] that implement OCSP stapling in the NSS library.

My test against (a) was successful.

I've also tested using "openssl s_client -status ..." but I assume this is the
same test that was performed while developing OCSP stapling support for Apache.



Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message