Re: [Openca-Users] OCSP configuration

Thu, 17 May 2007 07:40:15 -0700 

Hello Dmitrij,

the 1.1.1a version (well all the versions before 1.5) does not fully
support HTTP protocol, therefore there is no support for virtual hosts.
It is not related to IP vs Name... on Internet addresses are IP addresses,
but HTTP, to support virtual hosts, introduced the Host: header in the
request so that the same IP can be used for different names. In order
to have support for it you should update the OCSP to the newer version.
Sorry about that.

Cheers,
Dr. Max

Dmitrij Mironov wrote:
Thank you, Lutz, 
I have checked this - it is normal PEM formatted CRL. After upgrading to
1.1.1a version CRL via HTTP is working well. But...

It seems that OCSP server downloads CRLs in a little bit different way than
wget. After some tests I discovered, that OpenCA OCSP server connects to
HTTP resource not by name (i.e. http://www.company.com/crl/cacrl.crl), but
by IP address, resolved from http host name (i.e.
http://123.45.67.8/crl/cacrl.crl ). In my configuration I have several
different websites on one IP, so webserver just do not know where to find
this "/crl/cacrl.crl". I think it can be a bug, but I haven't checked newest
version of OpenCA OCSP - 1.5.1. It is uses pthreads, but I just do not want
to install something new on my old FreeBSD 4.11 machine. Can somebody test
such CRL downloading configuration and write here the result? 

--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            [EMAIL PROTECTED]
                                                 [EMAIL PROTECTED]

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to