Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-05-03 Thread Quintin Ash
Nothing that I could find in the documentation says that the OCSP stapling does anything outside of that. The OCSP server will add that status to the handshake / response. I guess is there a way to check that OCSP response status in Apache and manually block this based on it?

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-24 Thread Eric Covener
>
> I have added tracing and see that the OCSP is revoked. I guess my question
> is, if the certificate is revoked, should Apache deny access to the
> website? Because it is still allowing access even though the OCSP server
> mentions that it's revoked.
> Is there anything in the docs that

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-24 Thread Quintin Ash
Thanks Daniel! I have that enabled. Here are all relevant settings below:

SSLVerifyClient require
SSLVerifyDepth 10
SSLOCSPEnable on
SSLOCSPDefaultResponder http://x.x.x.x:41233
SSLPassPhraseDialog builtin
SSLSessionCache "dbm:/xx/logs/ssl_scache"
SSLSessionCacheTimeout 300
SSLStaplingCache

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-18 Thread Daniel Ferradal
On Mon, 17 Apr 2023 at 21:19, Quintin Ash wrote:
> Yes I have that as well
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> I also have FIPS enabled (not sure if that matters).
>
>
>
>> Well, it should be working if everything is in the right place. Increase debug level to trace7 and

[users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-17 Thread Quintin Ash
Yes I have that as well

SSLVerifyClient require
SSLVerifyDepth 10

I also have FIPS enabled (not sure if that matters).

——
Quintin Ash | Senior Software Engineer
Tenable Network Security
7021 Columbia Gateway Drive, Suite 500
Columbia, MD 21046
q...@tenable.com
W:

Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-17 Thread Daniel Ferradal
On Mon, 17 Apr 2023 at 17:29, Quintin Ash wrote:
> Hello,
>
>
> I am working with OCSP and SSL Stapling and I want to know if this case is
> working as expected.
>
>
> I am trying to connect to Apache and I have a certificate that is revoked
> from the OCSP server. The OCSP server is