httpd-cvs mailing list archives

Subject svn commit: r1635510 - /httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
Date Thu, 30 Oct 2014 14:23:01 GMT
Author: trawick
Date: Thu Oct 30 14:23:01 2014
New Revision: 1635510

more hints for OCSP Stapling:

* when a different cache mechanism is used...
* testing that your server sends an OCSP response


Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
--- httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml Thu Oct 30 14:23:01 2014
@@ -143,6 +143,33 @@ placed, such as in <code>conf/extra/http
 open source builds of httpd, <code>/etc/apache2/mods-enabled/ssl.conf</code>
 for the Ubuntu or Debian-bundled httpd, etc.</p>
+<p>This particular <directive>SSLStaplingCache</directive> directive requires
+<module>mod_socache_shmcb</module> (from the <code>shmcb</code> prefix
on the
+directive's argument).  This module is usually enabled already for
+<directive>SSLSessionCache</directive> or on behalf of some module other than
+<module>mod_ssl</module>.  If you enabled an SSL session cache using a 
+mechanism other than <module>mod_socache_shmcb</module>, use that alternative
+mechanism for <directive>SSLStaplingCache</directive> as well.  For example:</p>
+    <highlight language="config">
+SSLSessionCache "dbm:ssl_scache"
+SSLStaplingCache "dbm:ssl_stapling"
+    </highlight>
+<p>You can use the openssl command-line program to verify that an OCSP response
+is sent by your server:</p>
+$ openssl s_client -connect -status -servername
+OCSP response: 
+OCSP Response Data:
+    OCSP Response Status: successful (0x0)
+    Response Type: Basic OCSP Response
 <p>The following sections highlight the most common situations which require
 further modification to the configuration.  Refer also to the 
 <module>mod_ssl</module> reference manual.</p>
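Review bot: in the added verification example, the line "$ openssl s_client -connect -status -servername" shows -connect and -servername with no values, so the command cannot be run as printed. Give both options a placeholder (host:port for -connect, the virtual host name for -servername) so a reader can copy the line and substitute their own server. The command and its sample output also sit outside any element, unlike the <highlight language="config"> block just above them, so they should be wrapped in a preformatted block to keep the indentation of the "OCSP Response Data:" lines. Since the paragraph promises a way to verify that a response is sent, consider also saying what the reader sees when no response is stapled, so a failed check is recognizable.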
