You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Daniel Ferradal <df...@apache.org> on 2022/11/17 18:39:00 UTC
Re: [users@httpd] OCSP Stapling Logs with mod_md
Isn't OCSP and everything related to it directly related to mod_ssl?
When you say it was not in the error log, do you mean LogLevel
ssl:trace7 or which configuration did you have to try and get logs
about this?
El vie, 9 sept 2022 a las 9:15, <si...@post.ch.invalid> escribió:
>
> Hi everyone,
>
>
>
> We recently had issues renewing OCSP information with mod_md for Certificates not managed by mod_md. The issue was not related to mod_md and there was no interruption since the OCSP information is cached.
>
>
>
> While analyzing the issue, we noticed that even at high log levels some information was not being logged in the Apache error log but only in mod_md’s own job.json.
>
>
>
> Note that while it contains valuable information, job.json is complicated to forward to centralized log servers because of its format.
>
>
>
> Is there any way to have these entries logged in the error log as well?
>
>
>
> Also, could the information in job.json be accessed over /md-status even when there are no mod_md-managed certificates (currently the response only contains the mod_md version string)?
>
>
>
> Thanks!
>
> Simon
--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
AW: [users@httpd] OCSP Stapling Logs with mod_md
Posted by si...@post.ch.INVALID.
Hi Daniel,
Thanks for your reply.
Yes, mod_ssl does offer OCSP stapling capabilities (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslocspenable), however, we use the OCSP stapling implementation provided by mod_md (https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdstapling).
That is why the info is available in job.json but unfortunately, the same info does not appear to be available in mod_md logs, even at higher log levels.
Best,
Simon
-----Ursprüngliche Nachricht-----
Von: Daniel Ferradal <df...@apache.org>
Gesendet: Donnerstag, 17. November 2022 19:39
An: users@httpd.apache.org
Betreff: Re: [users@httpd] OCSP Stapling Logs with mod_md
Isn't OCSP and everything related to it directly related to mod_ssl?
When you say it was not in the error log, do you mean LogLevel
ssl:trace7 or which configuration did you have to try and get logs about this?
El vie, 9 sept 2022 a las 9:15, <si...@post.ch.invalid> escribió:
>
> Hi everyone,
>
>
>
> We recently had issues renewing OCSP information with mod_md for Certificates not managed by mod_md. The issue was not related to mod_md and there was no interruption since the OCSP information is cached.
>
>
>
> While analyzing the issue, we noticed that even at high log levels some information was not being logged in the Apache error log but only in mod_md’s own job.json.
>
>
>
> Note that while it contains valuable information, job.json is complicated to forward to centralized log servers because of its format.
>
>
>
> Is there any way to have these entries logged in the error log as well?
>
>
>
> Also, could the information in job.json be accessed over /md-status even when there are no mod_md-managed certificates (currently the response only contains the mod_md version string)?
>
>
>
> Thanks!
>
> Simon
--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org