Hi, my name is Andrea Giacobazzi and I'm in touch with Tom Titchener, because
I'm trying to realize an OCSP responder, as you are, and I'm using TT's patches.
I successfully patched Apache SSL on Unix (Solaris 2.6 MU1, Enterprise 450
hardware), but I'm still working on trying the API. Specifically, I'm trying to
find where to put the OCSP request, and where to parse it and make the OCSP
response on the server. My certificates are in an LDAP directory, so I have
a routine that checks cert status in LDAP.
Really, my first step is not a real OCSP responder, but a patch INSIDE OpenSSL
or Apache that makes an OCSP response each time a client connects to the server.
The next step will be to configure an Apache server as an OCSP responder, where
the OCSP clients will be other Apache servers with client authentication, which
must check the client cert status on each connection.
Example:

NOW:

                      request
  client (browser) ------------> Apache with OCSP patch
                   <------------ (HTML services that need authentication)
                      response

NEXT STEP:

                    authentication                             OCSP req (cert), HTTP
  client (browser) ----------------> Apache for HTML services ----------------------> Apache OCSP
                   <---------------- that need authentication <---------------------- responder
                    access response                            OCSP response, HTTP

So, I'll be glad to keep in touch with you for news and to exchange know-how,
but for now I still don't have an answer to your problem.
I'm developing this because we're trying to realize our own CA, for our
city municipality, with open source software: www-idd.comune.modena.it
and www.openca.org
Thanks
Andrea
