5.3. Using Online Certificate Status Protocol with Apache HTTP Server

Before you use Online Certificate Status Protocol OCSP) for https, ensure you have configured Apache HTTP Server for SSL connections (see Section 5.1, “Configuring Apache HTTP Server for SSL Connections”).

To use Online Certificate Status Protocol with Apache HTTP Server, ensure that a Certificate Authority (CA) and OCSP Responder is configured correctly.

For more information on how to configure a CA, see the Managing Certificates and Certificate Authorities section in the Red Hat Enterprise Linux 7 Linux Domain Identity, Authentication, and Policy Guide.

For more information on how to configure an OCSP Responder, see the Configuring OCSP Responders section in the Red Hat Enterprise Linux 7 Linux Domain Identity, Authentication, and Policy Guide.

Note

Ensure your Certificate Authority is capable of issuing OSCP Certificates. The Certificate Authority must be able to append the following attributes to the Certificate:

[ usr_cert ]
...
authorityInfoAccess=OCSP;URI:http://HOST:PORT 
...
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSP Signing

[ usr_cert ]
...
authorityInfoAccess=OCSP;URI:http://HOST:PORT 
...
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSP Signing

Copy to Clipboard

Toggle word wrap

Note that HOST and PORT will need to be replaced with the details of the OCSP Responder that you will configure.

Report a bug

返回顶部

此内容没有您所选择的语言版本。

5.3. Using Online Certificate Status Protocol with Apache HTTP Server

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links