Questions tagged [ocsp]

Online Certificate Status Protocol (OCSP) is a protocol used for validation of X.509 certificates in a PKI system. Most OCSP implementations ingest certificate revocation lists (CRLs) from Certificate Authorities (CAs), create an internally signed database called a proof set, and then produce OCSP responses using the proofs.

67 questions
5 votes, 0 answers

Apache stapling_renew_response: responder error

My Apache error log shows a lot of "stapling_renew_response: responder" errors. Was hoping to add a browser screenshot but I'm a newbie and therefore not authorised. This is what is shown from the browser: "Secure Connection Failed An error…
Mark
4 votes, 1 answer

Revoked certificate is still valid by Google Chrome and Microsoft Edge

I have generated a self-signed certificate, Root-CA, signed by Root-CA. Then Intermediate-CA, signed by Root-CA, and Server, signed by Intermediate-CA. The certificates are as given below: Root-CA -> Intermediate-CA -> …
soup
3 votes, 0 answers

OCSP responder timed out while requesting certificate status

I'm intermittently seeing errors such as the following in my nginx error logs: OCSP responder timed out (110: Connection timed out) while requesting certificate status, responder: ocsp.comodoca.com What do I need to do to fix these? I feel the…
Hassan Baig
3 votes, 1 answer

OCSP with nginx is unable to get issuer certificate

I am having trouble setting up OCSP on nginx/1.6.2 with a certificate issued by GlobalSign. I read many related posts, but none of the solutions I've found worked. When I connect to the server, OCSP is not working > openssl s_client -connect…
David K
3 votes, 1 answer

OCSP ERROR in ssllabs output

I just renewed my certificate on https://wemarsh.com/ . After I thought I had everything working I did some online SSL tests, just as a routine check that everything is configured properly. Some of them passed with no problem, but one had some…
Eric Marsh
2 votes, 1 answer

OCSP Location error in pkiview.msc. But OCSP responders seem to work

I am currently setting up a new internal Windows PKI infrastructure in our organisation, to replace an old setup. Things are mostly fine, but the OCSP location has the status "Error" in the pkiview console. When I check a certificate with certutil…
Omnomnomnom
2 votes, 1 answer

Using Apache as Stunnel

I was using stunnel to make an http port into https. However, it doesn't support OCSP stapling, so I decided to use Apache reverse proxy instead. The service I want to make https is on 7231, so I created a virtual host to listen on port 7232 and…
Vivek Joshy
2 votes, 0 answers

Trust certificate for OCSP, but not for client certs?

According to the nginx docs, you can specify certificates to be trusted for both OCSP response and client certificate verification: ssl_trusted_certificate / ssl_client_certificate Specifies a file with trusted CA certificates in the PEM format…
dst
2 votes, 2 answers

Nginx, SSL and OCSP

I have a problem. When I open my website with https, I see an error message in my error.log: 2015/11/03 19:47:21 [error] 7799#0: recv() failed (111: Connection refused) while requesting certificate status, responder: ocsp2.globalsign.com 2015/11/03…
IvanS
2 votes, 1 answer

When are OCSP requests sent by web browsers?

I'm testing my https page via webpagespeedtest on IE8, and in one run I noticed a bunch of OCSP requests sent to oscp.godaddy.com. I never noticed any such requests in previous runs. When do browsers decide to send such requests? Does it have to do…
ripper234
1 vote, 1 answer

ADCS PKI - AIA Location when using OCSP

My question is whether or not I still need to configure the following AIA location on my subordinate CA when I'm using OCSP: http://SERVERFQN/DIRECTORY/_.crt With the flag "include in AIA of issued…
1 vote, 1 answer

"Next Update" is missing from the OCSP response

Overall I am experimenting to set up a private PKI by using OpenSSL on a box of CentOS 7. Everything works just fine except the issue that the "Next Update" line is missing from the OCSP response. Systems OS: CentOS 7.6 OpenSSL…
1 vote, 1 answer

Strongswan PKI - ED25519 Certificates - OCSP Responder having issues

I am trying to set up an OCSP responder for the certificates generated out of strongswan PKI - using it as a CA. If I try to use openssl it just throws out Can't open index.txt.attr for reading, No such file or directory. Tried re-doing the certificate line.…
shinooni
1 vote, 1 answer

nginx OCSP stapling centos let's encrypt

On centos, but I guess for every OS, I want to make ocsp stapling work in Nginx ssl_stapling on; ssl_trusted_certificate ??????; ssl_stapling_verify on; what do I define for ssl_trusted_certificate? People talk about "chain+root file" or root.ca,…
1 vote, 1 answer

OCSP verification fails in Strongswan (IKEv2)

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP responder (openssl ocsp -port 80 ...). I can see how…