From 05103862d4b9d9e3d26cc3730d406ed8b870ca5a Mon Sep 17 00:00:00 2001
From: jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>
Date: Fri, 12 Jun 2009 19:32:28 +0000
Subject: Bugzilla Bug# 492189, Security Officer: a security officer token that
 is in temp lost status can be used to login to the so work station UI.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@585 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 pki/base/tps/apache/conf/nss.conf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'pki/base/tps')

diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf
index 0c7b7b6c3..c619ec26e 100644
--- a/pki/base/tps/apache/conf/nss.conf
+++ b/pki/base/tps/apache/conf/nss.conf
@@ -64,6 +64,26 @@ NSSSession3CacheTimeout 86400
 #ServerName [Server_Name]:[Secure_Port]
 #ServerAdmin you@example.com
 
+# Configure OCSP checking of client certs
+
+#NSSOCSP on
+#NSSOCSPDefaultResponder on
+
+# URL of the ocsp service
+#
+#   Example of the built in ocsp service of the  CS CA
+
+#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp
+
+# Nickname of ocsp signing cert
+#
+#    Below is sufficient if using built in CS CA ocsp service
+#    If using outboard ocsp, make sure the cert listed below
+#    is imported into the local cert database.
+
+#NSSOCSPDefaultName caCert 
+
+
 # mod_ssl logs to separate log files, you can choose to do that if you'd like
 ErrorLog [SERVER_ROOT]/logs/error_log
 TransferLog [SERVER_ROOT]/logs/access_log
-- 
cgit