Apache Friends Support Forum

[sorrenlu]

Our .NET 3.5 application uses the HttpWebRequest class to establish TLS connections to hosted backend services and it does not make use of our Apache web server's stapled response (to confirm whether or not the SSL certificate is valid). The application performs the CRL or OCSP call on its own.

We can’t find any information which states whether or not .NET WebClient, HttpClient or HttpWebRequest classes support OCSP stapling configured in Apache server.

I confirmed that various web browsers (Edge, Chrome and Firefox) triggered Apache to make calls to the OCSP responder when they hit the Apache page.

Since that worked, we are trying to determine why our .NET 3.5 application accessing the same Apache server does not invoke the OCSP stapling.

[Altrea]

Not referenced cross-posting: https://docs.microsoft.com/en-us/answer ... p-sta.html

[sorrenlu]

Yes, .NET supports OCSP stapling on IIS. My issue is whether or not it is supported when configured on Apache. Is there a specific configuration which needs to be performed on Apache?

[Altrea]

Operating System: Red Hat Enterprise Linux 7.6

How does this fit to "XAMPP for Windows"?

My issue is whether or not it is supported when configured on Apache. Is there a specific configuration which needs to be performed on Apache?

https://lmgtfy.app/?q=Apache+OCSP+Stapling