The default behaviour of Apache regarding verification is to enable OCSP, CRL or all together. All the mechanisms of cert verification have to report a valid status to make the connection possible. If one of the mechanisms is broken, like an unresponsive OCSP Responder, the verification will fail. In my opinion it would be better to make these mechanisms more configurable, adding the possibility for OCSP to have a fallback, and not to abort the verification. Are there suitable mechanisms in Apache that already make this possible? I hope I was clear, thanks