A basic configuration.

<IfModule mod_ca_crl.c>
  CACRLCertificateRevocationList /etc/pki/ca/ca-crl.pem
</IfModule>

<IfModule mod_ocsp.c>
<Location /ocsp>
  SetHandler ocsp
  OcspSigningCertificate /etc/pki/certs/ocsp.cert
  OcspSigningKey /etc/pki/certs/ocsp.key
#  OcspSigningCertificate /tmp/ra-cert.pem
#  OcspSigningKey /tmp/ra-key.pem
#  OcspOverrideReason certificateHold
#  OcspOverrideRevocationTime 20121001000000Z
#  OcspOverrideInvalidityDate 20121001000001Z
#  OcspOverrideHoldInstruction holdInstructionReject
</Location>
</IfModule>