My problem is that, the Nokia s60 mobile browser is able to access my web server although the certificate of this server has been revoked, so how can I find a way to deny Nokia mobile browser from accessing the server when server’s certificate had been revoked. Mr. Joe had told me to enable OCSP stapling, I have done, but later I knew that the client should support this extension in order to receive the responses about the server certificate status.
I suggested modifying the source code of the apache web server to include OCSP query about its certificate. Another idea is to let the client do its own check, but I don’t know if I can modify the mobile browser to be able to send OCSP request, or to implement an application (it should be integrated with the browser ) that send this request instead of the browser , Just I need a logical and easy to implement idea to solve such problem. Mohamed
