AW: OCSP Stapling Logs with mod_md

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Daniel,

Thanks for your reply.

Yes, mod_ssl does offer OCSP stapling capabilities (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslocspenable), however, we use the OCSP stapling implementation provided by mod_md (https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdstapling).

That is why the info is available in job.json but unfortunately, the same info does not appear to be available in mod_md logs, even at higher log levels.

Best,
Simon


-----Ursprüngliche Nachricht-----
Von: Daniel Ferradal <dferradal@xxxxxxxxxx> 
Gesendet: Donnerstag, 17. November 2022 19:39
An: users@xxxxxxxxxxxxxxxx
Betreff: Re:  OCSP Stapling Logs with mod_md

Isn't OCSP and everything related to it directly related to mod_ssl?

When you say it was not in the error log, do you mean LogLevel
ssl:trace7 or which configuration did you have to try and get logs about this?

El vie, 9 sept 2022 a las 9:15, <simon.studer@xxxxxxx.invalid> escribió:
>
> Hi everyone,
>
>
>
> We recently had issues renewing OCSP information with mod_md for Certificates not managed by mod_md. The issue was not related to mod_md and there was no interruption since the OCSP information is cached.
>
>
>
> While analyzing the issue, we noticed that even at high log levels some information was not being logged in the Apache error log but only in mod_md’s own job.json.
>
>
>
> Note that while it contains valuable information, job.json is complicated to forward to centralized log servers because of its format.
>
>
>
> Is there any way to have these entries logged in the error log as well?
>
>
>
> Also, could the information in job.json be accessed over /md-status even when there are no mod_md-managed certificates (currently the response only contains the mod_md version string)?
>
>
>
> Thanks!
>
> Simon



--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux