httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Tue, 08 Nov 2011 19:04:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

--- Comment #15 from Kai Engert <kaie@kuix.de> 2011-11-08 19:04:45 UTC ---
(a)
I've installed Apache 2.3.14-beta with OCSP stapling enabled at:

https://kuix.de:5143/ - good certificate
https://kuix.de:5144/ - revoked certificate

Thanks to StartCom for providing me with free certificates, and also for
providing a free revocation service.


(b)
Note to other CAs, (as inspired by Gerv's and Joe's recommendation to test
against additional CA vendors):

I'm willing to install additional certificates - good and revoked - at
additional ports on my server.

If you operate a CA trusted by Firefox, your certificates include AIA OCSP, and
you would like to contribute one good and one revoked certificate to me for
free, please get in contact with me, and I will send you two CSRs for
domain/hostname kuix.de


(c)
I've started to enhance the NSS client tools [1] to request, retrieve and dump
OCSP stapling information.

My test against (a) was successful.


(d)
I've performed initial testing using Firefox, based on a work-in-progress patch
[2] that implement OCSP stapling in the NSS library.

My test against (a) was successful.


(e)
I've also tested using "openssl s_client -status ..." but I assume this is the
same test that was performed while developing OCSP stapling support for Apache.


Kai


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=700701
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=360420

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message