Multiple OCSP Responders

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Is there a way to configure httpd to use specific responders for specific issuers?

For example: Suppose I have 2 self signed root CA's.  CA1 and CA2.  I also have 2 OCSP responders. RSP1 signed off CA1 and RSP2 signed off CA2.  I would like to know if it's possible to configure a web server to send all client auth requests from users issued off CA1 to RSP1 and all clients issued off CA2 to RSP2.  I am aware that the AIA extension allows you to map a certificate to a responder but I am looking for alternative solutions that allow the server to make the choice when no AIA is present.

Something like:

SSLOCSPEnable on
SSLOCSPMATCH (regular _expression_ to match Subject line of a CA1) http://rsp1.domain.com:80/
SSLOCSPMATCH (regular _expression_ to match Subject line of a CA2) http://rsp2.domain.com:80/

Thanks,

Dan Bryan
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux