httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Stevenson <t...@pc-tony.com>
Subject Re: [users@httpd] How does Apache handle expired server certificate and expired CA root certificate?
Date Thu, 16 Oct 2008 09:39:12 GMT
Swapan Gupta wrote:
> Hi,
> 
>  
> 
> Appreciate if someone could share more info on the following:
> 
>  
> 
> Does Apache do any special handling if the installed server certificate
> or the CA root certificate has expired?
> 
>  
> 
> In my installation, we are seeing that the expired Server certificate is
> sent to the client when a resource is accessed over https.
> 
> Is this the expected behavior?

Yes it is.

> 
>  
> 
> If not, do we need to do any specific configuration on Apache, which
> will prevent Apache from sending the server certificate?
> 
>  
> 
> Please suggest what is the expected behavior in such cases when the
> server certificate or the CA root certificate has expired and client
> accesses a resource over https.

The browser *should* warn the user that certificate is now invalid. In
other words it no longer is within the accepted date range.

You could potentially write a little script that pulls a copy of the
certificates from all your sites, and if less than aweek to go fires off
an email, or you could just add a calendar item with a reminder.  :-)

-- 


-----------------------------------------
Tony Stevenson
tony@pc-tony.com  //  pctony@apache.org
http://www.pc-tony.com/

1024D/51047D66 ECAF DC55 C608 5E82 0B5E  3359 C9C7 924E 5104 7D66
-----------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message