On 16 August 2017 at 13:54, Eric Covener <covener@xxxxxxxxx> wrote: > On Wed, Aug 16, 2017 at 8:50 AM, mike _ <arizonagroovejet@xxxxxxxxx> wrote: > >> Could it be that ocsp.usertrust.com pre-produced a response for my >> certificate at "Aug 16 00:58:00 2017 GMT" and is handing that out to >> my instance of httpd? > > That's what I suspect. You could put a packet capture between Apache > and the OCSP server and it would confirm that after a reboot or > stop/start (maybe restart?) that such an OCSP response comes in on > that backend side on the next frontend handshake (or at startup? I > don't know much about OCSP in mod_ssl) When I bother to look at the logs more closely I find [Wed Aug 16 13:38:23.590925 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(79): [client nnn.nnn.nnn.nnn:37904] AH01973: connecting to OCSP responder 'ocsp.usertrust.com' [Wed Aug 16 13:38:23.602557 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(105): [client nnn.nnn.nnn.nnn:37904] AH01975: sending request to OCSP responder [Wed Aug 16 13:38:23.614194 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Date: Wed, 16 Aug 2017 12:38:24 GMT [Wed Aug 16 13:38:23.614214 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Server: Apache [Wed Aug 16 13:38:23.614218 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Last-Modified: Wed, 16 Aug 2017 00:58:00 GMT [Wed Aug 16 13:38:23.614221 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Expires: Wed, 23 Aug 2017 00:58:00 GMT [Wed Aug 16 13:38:23.614223 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: ETag: 69D88A041D975D90EA32CB081EFFC015230776F7 [Wed Aug 16 13:38:23.614226 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Cache-Control: max-age=562175,public,no-transform,must-revalidate [Wed Aug 16 13:38:23.614242 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: X-OCSP-Reponder-ID: rmdccaocsp19 [Wed Aug 16 13:38:23.614272 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Content-Length: 471 [Wed Aug 16 13:38:23.614277 2017] [ssl:debug] [pid 1418:tid 140561596020480] ssl_util_ocsp.c(215): [client nnn.nnn.nnn.nnn:37904] AH01981: OCSP response header: Connection: close So that seems to explain the "This Update" date/time. (562175 seconds is about 6 and a half days.) thanks, mike --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx