Hi Marc,

> Hi all,
>
> I have a problem getting OCSP stapling to work. Here is what I did:
>
> I have 8150.pem with chain, cert and key in it.
>
> I have 8150.pem.ocsp that seems OK:
>
> # openssl ocsp -respin 8150.pem.ocsp -text -CAfile alphassl256.chain
> OCSP Response Data:
> OCSP Response Status: successful (0x0)
> Response Type: Basic OCSP Response
> Version: 1 (0x0)
> Responder Id: 9F10D9EDA5260B71A677124526751E17DC85A62F
> Produced At: Jul 9 09:47:04 2015 GMT
> Responses:
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: 84D56BF8098BD307B766D8E1EBAD6596AA6B6761
> Issuer Key Hash: F5CDD53C0850F96A4F3AB797DA5683E669D268F7
> Serial Number: 11216784E7CA1813F3AD922B60EAF6428EE0
> Cert Status: good
> This Update: Jul 9 09:47:04 2015 GMT
> Next Update: Jul 9 21:47:04 2015 GMT
>
> No error/warning when haproxy launches, but I am not sure haproxy is loading
> the .ocsp file because there is no notice in the log.
>
> But nothing in tlsextdebug:
>
> echo Q | openssl s_client -connect www.beluc.fr:443 -servername www.beluc.fr -tlsextdebug -status -CApath /etc/ssl/certs
> [...]
> OCSP response: no response sent
> [...]
>
> Do you see something wrong? What can I do in order to debug?

Can you provide the output of "haproxy -vv" please and a
config snippet (the frontend ssl configuration)?

Do you see a warning if 8150.pem.ocsp contains garbage when you restart
haproxy?

Regards,
Lukas