You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/10/23 13:32:40 UTC

svn commit: r1633793 - /httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml

Author: trawick
Date: Thu Oct 23 11:32:40 2014
New Revision: 1633793

URL: http://svn.apache.org/r1633793
Log:
trying to enable OCSP Stapling without certificate chain

Modified:
    httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml

Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml?rev=1633793&r1=1633792&r2=1633793&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml Thu Oct 23 11:32:40 2014
@@ -200,6 +200,22 @@ to the documentation for the
 directives.</p>
 </section>
 
+<section>
+<title>If mod_ssl logs error AH02217</title>
+<pre>
+AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
+</pre>
+<p>In order to support OCSP Stapling when a particular server certificate is
+used, the certificate chain for that certificate must be configured.  If it 
+was not configured as part of enabling SSL, the AH02217 error will be issued
+when stapling is enabled, and an OCSP response will not be provided for clients
+using the certificate.</p>
+
+<p>Refer to the <directive module="mod_ssl">SSLCertificateChainFile</directive>
+and <directive module="mod_ssl">SSLCertificateFile</directive> for instructions
+for configuring the certificate chain.</p>
+</section>
+
 </section>
 <!-- /ocspstapling -->