Anyone? Shouldn't I use OCSP at all? Should I post this in openssl lists instead?

Thanks,
Luis

From: luisneves@xxxxxxxxxxx
To: users@xxxxxxxxxxxxxxxx
Date: Wed, 16 Jun 2010 16:20:35 +0000
Subject: OCSP, CRL, apache and openssl questions

Hi there,

I am unable to use the SSLOCSPEnable directive in ssl.conf. My httpd-2.2.3-6 running on RHEL5 gives an unknown module error when restarted:

"Invalid command 'SSLOCSPEnable', perhaps misspelled or defined by a module not included in the server configuration"

Here http://httpd.apache.org/docs/trunk/mod/mod_ssl.html it says that SSLOCSPEnable is "Available in httpd 2.3 and later", so do I need to download and compile httpd 2.3 on my RHEL to be able to use OCSP? What alternatives do I have?

And what about using apache+mod_nss to be able to use OCSP with my current apache to "validate" expired client X509 certificates instead of apache+mod_ssl?

Or at this state of apache development should I forget OCSP and try to use CRL and automate CRL updates using some cron job and some scripting?

Regards,
Luis Neves