Hi Marc-Antoine, no idea, sorry. Maybe some of our SSL experts may help :)
Baptiste On Wed, Jul 15, 2015 at 11:06 AM, Marc-Antoine <[email protected]> wrote: > Hi, > > nobody knows plz ? > > On Thu, 9 Jul 2015 13:06:59 +0200, > Marc-Antoine <[email protected]> wrote : > >> Hi all, >> >> I have some problem making ocsp stapling working. here is what i did : >> >> I have 8150.pem with chain, cert and key in it. >> >> I have 8150.pem.ocsp that seems ok : >> >> # openssl ocsp -respin 8150.pem.ocsp -text -CAfile alphassl256.chain >> OCSP Response Data: >> OCSP Response Status: successful (0x0) >> Response Type: Basic OCSP Response >> Version: 1 (0x0) >> Responder Id: 9F10D9EDA5260B71A677124526751E17DC85A62F >> Produced At: Jul 9 09:47:04 2015 GMT >> Responses: >> Certificate ID: >> Hash Algorithm: sha1 >> Issuer Name Hash: 84D56BF8098BD307B766D8E1EBAD6596AA6B6761 >> Issuer Key Hash: F5CDD53C0850F96A4F3AB797DA5683E669D268F7 >> Serial Number: 11216784E7CA1813F3AD922B60EAF6428EE0 >> Cert Status: good >> This Update: Jul 9 09:47:04 2015 GMT >> Next Update: Jul 9 21:47:04 2015 GMT >> >> No error/warn at haproxy launching but not sure haproxy is loading .ocsp >> file because no notice in log. >> >> But nothing in tlsextdebug : >> >> echo Q | openssl s_client -connect www.beluc.fr:443 -servername www.beluc.fr >> -tlsextdebug -status -CApath /etc/ssl/certs >> [...] >> OCSP response: no response sent >> [...] >> >> Do you see smth wrong ? What can i do in order to debug ? >> >> Regards, >> > > > -- > Marc-Antoine >
