sg4all wrote:
Not in the default NSS validation scheme. NSS 3.12 has new cert validation code called PKIX. With it comes more control and configuration of the revocation engine. I'm not sure of the state of the code (I think the latest is about ready for prime time), but I'm pretty sure mod_nss isn't set up to use the fine grain control of revocation.Hi,I'm trying to set up a apache webserver with mod_nss. When available, OCSP should be used to verify the validity of the certificate. When the OCSP is unavailable, CRLs are used.I installed the CRLS, and configured everything. (My nss.conf is included inthis message). When I comment out "NSSOCSP On": it validates the certificates using CRL correctly. When "NSSOCSP on" is used, it validates the certificates using OCSP correctly.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto