httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Collyer <scoll...@netspinner.co.uk>
Subject Re: [users@httpd] revocation list
Date Mon, 12 Dec 2005 14:46:02 GMT
Luiz Gustavo Anflor Pereira wrote:
> Hello all
> 
> I want to implement a secure site through digital authentication, and i
> found that i need to keep the Certificate Revocation Lists. It is ok, i
> can download them from the net, but my question is: is there a way to
> consult the lists online, when the user tries to authenticate himself?
> Is it possible to configure apache to consult the lists on the CAs
> sites?

I think what you are looking for is OCSP support, where OCSP
(Online Certificate Status Protocol) allows you to query a
third party (usually a CA) to ask if a particular cert has been
revoked.

Unfortunately, I'm not sure if there's:

a) any good support in Apache for this yet (a bit of
Googling suggests not)

or

b) any widespread support for this from CAs.

Unless anyone knows any better, you're probably stuck with the
CRLs for the time being.

-- 
Regards

Stephen Collyer
Netspinner Ltd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message