Enable httpd caching of OCSP responses


I'm currently running an OCSP responder with Apache (FastCGI) that responds to OCSP requests on port 80, and a TLS server on port 443 that requires users to present a valid certificate. At the moment the system is working: the client starts the handshake and the server responds with the certificate status, but every time a client presents itself to the server, the server checks the validity of the certificate against the OCSP responder.

Is there a method to cache the responses that are sent from the responder? Thanks a lot

The scenario is a system where every client has a certificate. When a client wants to communicate with server A, server A has to validate the certificate. We would like to use the OCSP protocol instead of CRL to validate it. We don't want to use OCSP stapling because it's not very useful for this type of scenario. The first point works: A is able to validate the certificate by sending OCSP requests to, and receiving OCSP responses from, the OCSP responder. We now want to add the possibility of caching those responses.

The current configuration is:

<VirtualHost *:443>
    ...ssl basic config...
    SSLOCSPEnable on
    SSLOCSPDefaultResponder <url>
    SSLOCSPOverrideResponder on
    SSLOCSPResponderCertificateFile <cert.pem>
    SSLOCSPUseRequestNonce off
</VirtualHost>