Mailing List Archive

OCSP Stapling Logs with mod_md
Hi everyone,

We recently had issues renewing OCSP information with mod_md for Certificates not managed by mod_md. The issue was not related to mod_md and there was no interruption since the OCSP information is cached.

While analyzing the issue, we noticed that even at high log levels some information was not being logged in the Apache error log but only in mod_md's own job.json.

Note that while it contains valuable information, job.json is complicated to forward to centralized log servers because of its format.

Is there any way to have these entries logged in the error log as well?

Also, could the information in job.json be accessed over /md-status even when there are no mod_md-managed certificates (currently the response only contains the mod_md version string)?

Thanks!
Simon
Re: OCSP Stapling Logs with mod_md
Isn't OCSP and everything related to it directly related to mod_ssl?

When you say it was not in the error log, do you mean LogLevel
ssl:trace7 or which configuration did you have to try and get logs
about this?

On Fri, 9 Sep 2022 at 9:15, <simon.studer@post.ch.invalid> wrote:
>
> Hi everyone,
>
> We recently had issues renewing OCSP information with mod_md for Certificates not managed by mod_md. The issue was not related to mod_md and there was no interruption since the OCSP information is cached.
>
> While analyzing the issue, we noticed that even at high log levels some information was not being logged in the Apache error log but only in mod_md’s own job.json.
>
> Note that while it contains valuable information, job.json is complicated to forward to centralized log servers because of its format.
>
> Is there any way to have these entries logged in the error log as well?
>
> Also, could the information in job.json be accessed over /md-status even when there are no mod_md-managed certificates (currently the response only contains the mod_md version string)?
>
> Thanks!
>
> Simon



--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: OCSP Stapling Logs with mod_md
Hi Daniel,

Thanks for your reply.

Yes, mod_ssl does offer OCSP stapling capabilities (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslocspenable), however, we use the OCSP stapling implementation provided by mod_md (https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdstapling).

That is why the info is available in job.json but unfortunately, the same info does not appear to be available in mod_md logs, even at higher log levels.

Best,
Simon


-----Original Message-----
From: Daniel Ferradal <dferradal@apache.org>
Sent: Thursday, 17 November 2022 19:39
To: users@httpd.apache.org
Subject: Re: [users@httpd] OCSP Stapling Logs with mod_md

Isn't OCSP and everything related to it directly related to mod_ssl?

When you say it was not in the error log, do you mean LogLevel
ssl:trace7 or which configuration did you have to try and get logs about this?

On Fri, 9 Sep 2022 at 9:15, <simon.studer@post.ch.invalid> wrote:
>
> Hi everyone,
>
> We recently had issues renewing OCSP information with mod_md for Certificates not managed by mod_md. The issue was not related to mod_md and there was no interruption since the OCSP information is cached.
>
> While analyzing the issue, we noticed that even at high log levels some information was not being logged in the Apache error log but only in mod_md’s own job.json.
>
> Note that while it contains valuable information, job.json is complicated to forward to centralized log servers because of its format.
>
> Is there any way to have these entries logged in the error log as well?
>
> Also, could the information in job.json be accessed over /md-status even when there are no mod_md-managed certificates (currently the response only contains the mod_md version string)?
>
> Thanks!
>
> Simon



--
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat
