Hi Everyone,
>From what I can tell, Apache 2.4.x supports using both an ECC and an RSA
key for SSL communications. I've configured my vhost:
Listen 0.0.0.0:10943
SSLEngine on
SSLCertificateFile ssl.d/chain/full-ecc.crt
>
> I have added tracing and see that the OCSP is revoked. I guess my question
> is, if the certificate is revoked, should Apache deny access to the
> website? Because it is still allowing access even though the OCSP server
> mentions that it's revoked.
>
Is there anything in the docs that implies
Thanks Daniel! I have that enabled. Here are all relevant settings below:
SSLVerifyClient require
SSLVerifyDepth 10
SSLOCSPEnable on
SSLOCSPDefaultResponder http://x.x.x.x:41233
SSLPassPhraseDialog builtin
SSLSessionCache "dbm:/xx/logs/ssl_scache"
SSLSessionCacheTimeout 300
SSLStaplingCache "dbm:/x
Hello,
i tried a lot of stuff. Yes, setting uid in itk_map_to_storage() oder in
itk_dirwalk_stat() will work, but it is too early for the other modules:
Authentication and Authorization are done by mod_auth_openidc. After
this step, the external user is known and mod_lua runs to map the
exte