The OCSP Responder of CAcert is available at http://ocsp.cacert.org/ and http://ocsp.cacert.org:2560/ To activate it, tell your client to use OCSP (take a look at the settings).
All the certificates that were issued after 16.5.2005 should have the OCSP Service URL automatically included, and should work with OCSP, when you activate it in your client.
Enabling OCSP in Firefox:
- Click on the Tools menu, then select Options.
- After the Options window appears, select Advanced.
- Scroll down until you get to the Validation section, and OCSP will be the last option.
- By default "Do not use OCSP for certificate Validation is selected." Change that selection to the second option, "Use OCSP to validate only certificates that specify an OCSP service URL".
- Click OK to close the Options window.
The OCSP Responder runs at the port 2560, the following Apache rule makes it available on Port 80:
RewriteCond %{CONTENT_TYPE} !^application/oscp-request$
RewriteRule ^/(.*) http://localhost:2560/ [P]The hostname ocsp.cacert.org can be distributed with round-robin DNS. When load or bandwidth become a problem we can simply add another OCSP responder in a similar fashion to DNS.