[Mod_nss-list] Revoc check via CRL and OCSP
Smith, Albert L CTR OSD OUSD ATL (US)
albert.l.smith12.ctr at mail.mil
Thu Jul 28 13:51:45 UTC 2016
Hello,
I'm running RHEL6 with "httpd-2.2.15-53" and "mod_nss-1.0.10-6".
My webserver is currently configured to do revocation checking vi OCSP and is working fine, except when we encounter failures with the OCSP service provider.
I would like to configure my webserver to check OCSP first, and in the case of a failure, use CRL files (either local files on disk or CRL files loaded into the NSS database) as a secondary. (If OCSP then CRL isn't possible, is CRL then OCSP possible?)
Is this possible, and if it is what are the relevant NSS directives to set?
Thank you for your attention,
-Albert Smith
Infrastructure Team
OUSD(AT&L) eBusiness Center
703 571-3015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5494 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/mod_nss-list/attachments/20160728/7fee19c2/attachment.p7s>
More information about the Mod_nss-list
mailing list