chee003 commented on issue #10309: URL: https://github.com/apache/apisix/issues/10309#issuecomment-1966390133
> > it's a self signed certificate,the error still exist.i thought apisix can't get the ocsp url from the certificate > > if you signed by private key directly like this, this plugins may not work: > > ``` > openssl x509 -req -sha256 -days 365 -in x509.csr -signkey key.pri -out x509.crt ... > ``` > > to make it works, the output certificate needs to signed by CA certificate like: > > ``` > openssl x509 -req -sha256 -days 365 -in x509.csr -CA ca.crt -CAkey ca.pri -out x509.crt ... > ``` > > and combine x509.crt and CA.crt. > > hope this will be helped. thank you so much, when i use a valid cetificate,the plugins ocsp is ok here is the log **_2024/02/27 11:48:06 [info] 51#51: *316920 [lua] ocsp-stapling.lua:101: set_ocsp_resp(): not ocsp resp cache found, fetch from ocsp responder, context: ssl_certificate_by_lua*, client: 10.192.8.136, server: 0.0.0.0:9443 2024/02/27 11:48:06 [info] 51#51: *316920 [lua] ocsp-stapling.lua:50: fetch_ocsp_resp(): fetch ocsp response from remote, context: ssl_certificate_by_lua*, client: 10.192.8.136, server: 0.0.0.0:9443 2024/02/27 11:48:06 [info] 51#51: *316920 [lua] ocsp-stapling.lua:106: set_ocsp_resp(): fetch ocsp resp ok, cache it, context: ssl_certificate_by_lua*, client: 10.192.8.136, server: 0.0.0.0:9443_** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
