From: Tony Stevenson
To: users@httpd.apache.org
Date: Thu, 16 Oct 2008 10:39:12 +0100
Subject: Re: [users@httpd] How does Apache handle expired server certificate and expired CA root certificate?

Swapan Gupta wrote:
> Hi,
>
> Appreciate if someone could share more info on the following:
>
> Does Apache do any special handling if the installed server certificate
> or the CA root certificate has expired?
>
> In my installation, we are seeing that the expired Server certificate is
> sent to the client when a resource is accessed over https.
>
> Is this the expected behavior?

Yes it is.

> If not, do we need to do any specific configuration on Apache, which
> will prevent Apache from sending the server certificate?
>
> Please suggest what is the expected behavior in such cases when the
> server certificate or the CA root certificate has expired and client
> accesses a resource over https.

The browser *should* warn the user that certificate is now invalid. In
other words it no longer is within the accepted date range.

You could potentially write a little script that pulls a copy of the
certificates from all your sites, and if less than a week to go fires
off an email, or you could just add a calendar item with a reminder. :-)

-- 
-----------------------------------------
Tony Stevenson
tony@pc-tony.com // pctony@apache.org
http://www.pc-tony.com/
1024D/51047D66 ECAF DC55 C608 5E82 0B5E 3359 C9C7 924E 5104 7D66
-----------------------------------------
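
A sketch of the kind of script suggested in the reply above, added here as an example and not part of the original message. It uses only the Python standard library; the 7-day threshold comes from the reply, while the function names and status labels are assumptions of this example, and turning the non-zero exit status into an email is left to whatever scheduler runs it.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

WARN_DAYS = 7  # "less than a week to go", as in the reply above

def days_left(not_after, now):
    """Days until expiry, given the notAfter string from getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).total_seconds() / 86400

def classify(not_after, now, warn_days=WARN_DAYS):
    """Return 'EXPIRED', 'EXPIRING' or 'OK' for one certificate."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "EXPIRING" if remaining < warn_days else "OK"

def fetch_not_after(host, port=443, timeout=10):
    """Do a verified TLS handshake and return the server certificate's notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check_sites(hosts, now=None):
    """Map each host to (status, detail); one bad host does not stop the run."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for host in hosts:
        try:
            not_after = fetch_not_after(host)
            report[host] = (classify(not_after, now), not_after)
        except ssl.SSLCertVerificationError as exc:
            # The server still sends an expired certificate; it is this
            # client-side verification that rejects it during the handshake.
            report[host] = ("VERIFY_FAILED", exc.verify_message)
        except OSError as exc:
            report[host] = ("UNREACHABLE", str(exc))
    return report

if __name__ == "__main__":
    results = check_sites(sys.argv[1:])
    for host, (status, detail) in results.items():
        print(f"{status:14} {host}  {detail}")
    sys.exit(0 if all(s == "OK" for s, _ in results.values()) else 1)
```

Run it with the site hostnames as arguments. A certificate that has already expired shows up as `VERIFY_FAILED` rather than `EXPIRED`, because the handshake is refused before the certificate fields can be read.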