From 891e5d3f8e5a47d24bdc76ed60da810da16db0d4 Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Thu, 23 Oct 2014 11:32:40 +0000
Subject: [PATCH] trying to enable OCSP Stapling without certificate chain

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633793 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/ssl/ssl_howto.xml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/manual/ssl/ssl_howto.xml b/docs/manual/ssl/ssl_howto.xml
index 3c45b59c5f..66f04dcbd8 100644
--- a/docs/manual/ssl/ssl_howto.xml
+++ b/docs/manual/ssl/ssl_howto.xml
@@ -200,6 +200,22 @@ to the documentation for the
 directives.</p>
 </section>
 
+<section>
+<title>If mod_ssl logs error AH02217</title>
+<pre>
+AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
+</pre>
+<p>In order to support OCSP Stapling when a particular server certificate is
+used, the certificate chain for that certificate must be configured.  If it 
+was not configured as part of enabling SSL, the AH02217 error will be issued
+when stapling is enabled, and an OCSP response will not be provided for clients
+using the certificate.</p>
+
+<p>Refer to the <directive module="mod_ssl">SSLCertificateChainFile</directive>
+and <directive module="mod_ssl">SSLCertificateFile</directive> for instructions
+for configuring the certificate chain.</p>
+</section>
+
 </section>
 <!-- /ocspstapling -->
 
-- 
2.40.0