Highest Voted 'ocsp' Questions - Server Fault Stack Exchange

27

votes

4 answers

How do I check if my SSL certificates have been revoked

The recent discovery of the heartbleed vulnerability has prompted certificate authorities to re-issue certificates. I have two certificates that were generated before the heartbleed vulnerability was discovered. After the SSL issuer told me to…

asked Apr 22 '14 at 09:14

sridhar pandurangiah

743
2
11
28

27

votes

1 answer

OpenSSL: how to setup an OCSP server for checking third-party certificates?

I am testing the Certificate Revocation functionality of a CMTS device. This requires me to setup a OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice. I have extracted…

openssl ocsp

asked Apr 13 '10 at 13:31

StackedCrooked

1,317
2
13
22

17

votes

2 answers

OCSP validation - unable to get local issuer certificate

I'm new to setup SSL from the scratch and did my first steps. I bought a SSL cert from RapidSSL for my domain and followed there steps to install the cert. In general the cert is valid and working on my webserver(nginx v1.4.6 - Ubuntu 14.04.1 LTS),…

nginx ssl-certificate ubuntu-14.04 ocsp

asked Sep 24 '14 at 18:57

kapale

405
1
3
8

16

votes

2 answers

Free OCSP server for testing purposes?

Can anyone recommend a free and simple OCSP server for Windows or Linux?

security certificate ocsp

asked Apr 07 '10 at 12:01

StackedCrooked

1,317
2
13
22

13

votes

2 answers

nginx: ssl_stapling_verify: What exactly is being verified?

What exactly does the ssl_stapling_verify directive? Does it check if the signature of the answer is correct? The official nginx documentation is very vague in explaining…

nginx ocsp

asked Apr 27 '17 at 13:26

Bratwurstmobil

133
1
5

13

votes

1 answer

OCSP responder not present?

Am trying to set up OCSP validation routines, and so want to be comfortable with the environment first. Found excellent tutorials at for example OpenSSL: Manually verify a certificate against an OCSP. Multiple questions arise, so please bear with…

openssl x509 ocsp

asked Apr 28 '15 at 23:35

Robert Weaver

231
2
3

10

votes

1 answer

Do Postfix and Dovecot support OCSP stapling?

Since I would like to set the "must staple" attribute in my SSL certificates, I was doing some research to find out if all of my services support OCSP stapling. So far I found out, that Apache does which I was able to confirm using SSLLabs.com. But…

ssl postfix dovecot ocsp

asked Feb 03 '17 at 14:50

comfreak

1,451
1
21
32

7

votes

2 answers

Enabling OCSP stapling on IIS SNI-enabled site

If Require Server Name Indication is checked on the binding of an IIS site, OCSP stapling is disabled for the site. This is easily confirmed by enabling SNI for a site that currently doesn't require it, and checking using…

iis sni ocsp

asked Sep 02 '16 at 22:39

franzo

223
3
8

6

votes

1 answer

Can I make Nginx automatically OCSP staple certificates at reload/restart?

Is there a way to make Nginx proactively OCSP staple certificates each time its configuration is reloaded or it is re-started? Alternatively, can Nginx be set to save the stapled certificates across reloads or restarts instead of discarding them?…

nginx ocsp

asked Sep 30 '16 at 12:18

Tom Brossman

301
3
12

6

votes

2 answers

Nginx letsencrypt OCSP stappling

I have set up nginx with SSL and letsencrypt certificates. However I am unable to get OCSP stappling to work. From what I found in the web, it should work with the following configuration, unfortunately it does not. My nginx vhost looks like…

nginx ssl-certificate ocsp

asked Apr 05 '16 at 06:53

lockdoc

241
3
8

6

votes

1 answer

Are there certain specific host file entries that Windows 2008 will ignore for security purposes?

While troubleshooting a network timeout/connectivity WinHTTP issue, I temporarily added a host file entry for: 127.0.0.1 ctldl.windowsupdate.com (The server has no internet connection and the firewall was causing some extended timeouts -- I wanted…

windows-server-2008 hosts-file ocsp

asked Jul 13 '12 at 15:42

Mike B

11,570
42
106
165

6

votes

1 answer

How large is the certificate OCSP and CRL cache in my Windows server?

How can I see the size of the in-memory OCSP cache to a CRL cache in my Domain Controllers? In other words, most Windows process that uses CryptoAPIs have an in-memory cache of every CRL and OCSP relevant for that application. This is important…

certificate-authority ad-certificate-services crl ocsp

asked Jun 02 '12 at 03:06

makerofthings7

8,821
28
115
196

5

votes

1 answer

Online Certificate Status Protocol (OCSP) and Port 80

I had used OCSP stapling in AWS in the past, due to changes on AWS they no longer allow this. This has resulted in having to open a firewall rule to allow outbound HTTP traffic for OCSP from client devices. For us opening port 80 is not allowed…

ocsp

asked Aug 07 '17 at 14:54

Lismore

153
1
1
4

5

votes

2 answers

OCSP server suggests trying again later

I am using Firefox to access my site secured with a free StartSSL certificate. I am sending an HSTS header (though now for testing I have it set to 15 seconds!) and I have enabled OCSP stapling. Yesterday and this morning StartSSL's OCSP responder…

ssl ocsp

asked Sep 09 '15 at 05:44

BenjiWiebe

277
3
13

5

votes

1 answer

How to get OpenSSH to use OCSP for revocation

As the title says, is there any (free) library, patch, etc. that allows OpenSSH to be configured to check x.509 certificate revocation via OCSP (online certificate status protocol)? If so, can you please point me to documentation and/or a download…

ssh certificate ocsp

asked Oct 02 '14 at 22:10

Laplacian

151
4

Questions tagged [ocsp]