5.3. Using Online Certificate Status Protocol with Apache HTTP Server

Before you use Online Certificate Status Protocol (OCSP) for HTTPS, ensure you have configured Apache HTTP Server for SSL connections (see Section 5.1, “Configuring Apache HTTP Server for SSL Connections”).
To use Online Certificate Status Protocol with Apache HTTP Server, ensure that a Certificate Authority (CA) and an OCSP Responder are configured correctly.
For more information on how to configure a CA, see the Managing Certificates and Certificate Authorities section in the Red Hat Enterprise Linux 7 Linux Domain Identity, Authentication, and Policy Guide.
For more information on how to configure an OCSP Responder, see the Configuring OCSP Responders section in the Red Hat Enterprise Linux 7 Linux Domain Identity, Authentication, and Policy Guide.

Note

Ensure your Certificate Authority is capable of issuing OCSP certificates. The Certificate Authority must be able to append the following attributes to the certificate:
[ usr_cert ]
...
authorityInfoAccess=OCSP;URI:http://HOST:PORT 
...
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSP Signing
Note that HOST and PORT will need to be replaced with the details of the OCSP Responder that you will configure.
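
One way to check certificates against the requirements in the note above, as an added example that is not part of the Red Hat documentation: it reads the text dump from `openssl x509 -noout -text` and confirms that an issued certificate carries a real OCSP URI (not the unreplaced `HOST:PORT` template) and that the responder certificate matches `[ v3_OCSP ]`. The function names, variable names and sample input are assumptions made for this example.

```shell
# Added example: inspect `openssl x509 -noout -text` output on stdin.
# Usage: openssl x509 -in CERT.pem -noout -text | check_issued_cert
# Function and variable names are hypothetical.

# Print each OCSP responder URI from the Authority Information Access extension.
ocsp_uris() { sed -n 's/^[[:space:]]*OCSP - URI:\(.*\)$/\1/p'; }

# Print the value line that follows the extension header named in $1.
ext_value() {
    awk -v h="$1" 'found { sub(/^[ \t]+/, ""); print; exit } index($0, h) { found = 1 }'
}

# Certificate issued under [ usr_cert ]: needs a real OCSP URI, not the template.
check_issued_cert() {
    uris=$(ocsp_uris)
    [ -n "$uris" ] || { echo "FAIL: no OCSP URI in authorityInfoAccess"; return 1; }
    for u in $uris; do
        case "$u" in
            *://HOST*|*:PORT|*:PORT/*) echo "FAIL: placeholder left in $u"; return 1 ;;
            http://*|https://*) ;;
            *) echo "FAIL: unexpected URI scheme in $u"; return 1 ;;
        esac
    done
    echo "OK: OCSP URI $uris"
}

# Responder certificate issued under [ v3_OCSP ].
check_responder_cert() {
    text=$(cat)
    bc=$(printf '%s\n' "$text" | ext_value 'X509v3 Basic Constraints')
    ku=$(printf '%s\n' "$text" | ext_value 'X509v3 Key Usage')
    eku=$(printf '%s\n' "$text" | ext_value 'X509v3 Extended Key Usage')
    case "$bc" in CA:FALSE*) ;; *) echo "FAIL: basicConstraints is '$bc'"; return 1 ;; esac
    case "$ku" in *"Digital Signature"*) ;; *) echo "FAIL: no digitalSignature"; return 1 ;; esac
    case "$eku" in *"OCSP Signing"*) ;; *) echo "FAIL: no OCSP Signing EKU"; return 1 ;; esac
    echo "OK: responder certificate matches v3_OCSP"
}

# Constructed sample input (not from a real certificate).
SAMPLE_ISSUED='            Authority Information Access:
                OCSP - URI:http://ocsp.example.com:2560'
SAMPLE_PLACEHOLDER='                OCSP - URI:http://HOST:PORT'
SAMPLE_RESPONDER='            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                OCSP Signing'
```

Both functions return a non-zero status on failure, so they can gate a certificate issuance or deployment script.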