You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Aruna Gummalla <ar...@yahoo.com> on 2010/06/15 23:42:43 UTC

[users@httpd] mod_nss + OCSP configuration problem

Hi, 

I am having trouble in bringing up my Apache httpd server with the mod_nss configuration  (with OCSP).

I changed the nss.conf to have the following configuration

NSSCertificateDatabase /usr/local/apache/nss
NSSVerifyClient require
NSSOCSP on
NSSOCSPDefaultResponder on
NSSOCSPDefaultURL http://myip:3456
NSSOCSPDefaultName my_ocsp

I have a openssl OCSP server running like this 

openssl ocsp -index index.txt -CA cacert.pem -rsigner cacert.pem -rkey private/cakey.pem -port 3456

But when i start the Apache httpd server, I see the following error:

Certificate not verified: 'Server-Cert'
SSL Library Error: -8063 The response from the OCSP server was corrupted or improperly formed.

I am new to OCSP and would really appreciate any help on this.

Thanks in advance.

Thanks & Regards,
Aruna.