Questions tagged [ocsp]

Online Certificate Status Protocol (OCSP) is a protocol used for validation of X.509 certificates in a PKI system. Most OCSP implementations ingest certificate revocation lists (CRLs) from Certificate Authorities (CAs), create an internally signed database called a proof set, and then produce OCSP responses using the proofs.

67 questions
0 votes, 0 answers

nginx: Rerouting/proxy OCSP request to a different backend

I'd like to filter/reroute OCSP traffic from regular HTTP traffic to a different back-end. Reviewing Network Analyses of OCSP protocol, if the OCSP request is via POST, I can filter on Content-Type: application/ocsp-request. The tricky part, is if…
bugzbunny
0 votes, 0 answers

How can I make nginx only look for ipv4 resolution for OCSP? Or have I misinterpreted the point of failure?

I've set OCSP up, but see lots of resolver timed out errors in my logs: ocsp.sectigo.com could not be resolved (110: Operation timed out) while requesting certificate status, responder: ocsp.sectigo.com Looking into it it seems I can curl…
Codemonkey
0 votes, 0 answers

OCSP responder on a virtual host of Apache/Nginx

Is it possible to run an OCSP responder openssl ocsp -index ... on an Apache/Nginx virtual host alongside other virtual hosts? So ocsp.example.com or pki.example.com/ocsp/
vince6e74
0 votes, 2 answers

How to check if a letsencrypt certificate has been revoked

I am trying to check if a certificate issued by letsencrypt has been revoked based on this answer: openssl ocsp -issuer highschoolhelper.org_fullchain.crt -cert highschoolhelper.org_fullchain.crt \ -text -url…
H Aßdøµ
0 votes, 1 answer

Apache httpd: How to enable OCSP stapling with mod_md?

I want to enable OCSP stapling with mod_md on my Debian 10 server with Apache httpd. I have enabled the module, and the command MDomain example.org is understood, but the example MDStapling on yields an error…
vinc17
-1 votes, 1 answer

Problem with TLS identity not verified

I run a CA server "Microsoft CA Server Enterprise" and I generate certificates then bind the cert to my site. In all clients in my network, I add the cert with certutil -addstore ca org.cer. When my clients browse the org site, Google Chrome shows…
Soheil
-2 votes, 1 answer

Configuring OCSP stapling in NGINX

Should I concatenate all certificates (server + intermediates + root) or just (server + intermediates) for the ssl_trusted_certificate directive in NGINX?
user3448600