Re: [SOLVED] Re: OCSP stapling troubleshooting

2015-06-02 Thread Andrew Hayworth
Awesome, glad it's all settled! On Tue, Jun 2, 2015 at 3:31 PM, Shawn Heisey wrote: > On 6/2/2015 1:29 PM, Andrew Hayworth wrote: >> On Tue, Jun 2, 2015 at 2:16 PM, Shawn Heisey wrote: >>> My script may update a dozen ocsp responses all used by a single haproxy >>> process ... so when I am using

[SOLVED] Re: OCSP stapling troubleshooting

2015-06-02 Thread Shawn Heisey
On 6/2/2015 1:29 PM, Andrew Hayworth wrote: > On Tue, Jun 2, 2015 at 2:16 PM, Shawn Heisey wrote: >> My script may update a dozen ocsp responses all used by a single haproxy >> process ... so when I am using the stats socket to set the ocsp >> response, how do I tell haproxy which of the certifica

Re: OCSP stapling troubleshooting

2015-06-02 Thread Andrew Hayworth
On Tue, Jun 2, 2015 at 2:16 PM, Shawn Heisey wrote: > My script may update a dozen ocsp responses all used by a single haproxy > process ... so when I am using the stats socket to set the ocsp > response, how do I tell haproxy which of the certificates it is using > needs that response? Do I need

Re: OCSP stapling troubleshooting

2015-06-02 Thread Shawn Heisey
On 6/2/2015 12:38 PM, Andrew Hayworth wrote: > Are you reloading HAProxy or issuing a 'set ssl ocsp-response' command > via the stats socket after you retrieve the response? That's necessary > after you pull down an updated OCSP response. > > For example, here's our script that pulls down the OCSP

Re: OCSP stapling troubleshooting

2015-06-02 Thread Andrew Hayworth
Are you reloading HAProxy or issuing a 'set ssl ocsp-response' command via the stats socket after you retrieve the response? That's necessary after you pull down an updated OCSP response. For example, here's our script that pulls down the OCSP response then loads it in via the stats socket: https:

Re: OCSP stapling troubleshooting

2015-06-02 Thread Shawn Heisey
On 6/2/2015 11:42 AM, Lukas Tribus wrote: > Share your cronjob script, your configuration, and SSLtest output at least > (you > basically didn't share any OCSP related information). Here's the script that retrieves the OCSP responses, with its redacted config file: https://gist.github.com/elyog

RE: OCSP stapling troubleshooting

2015-06-02 Thread Lukas Tribus
Hi Shawn, > I've done a Qualys Labs SSL test against my setup fronted with haproxy, > using this URL: > > https://www.ssllabs.com/ssltest/index.html > > I thought I had OCSP stapling correctly configured, but Qualys says it's > not there. I have a cronjob that uses openssl to retrieve the .ocsp fi

OCSP stapling troubleshooting

2015-06-02 Thread Shawn Heisey
I've done a Qualys Labs SSL test against my setup fronted with haproxy, using this URL: https://www.ssllabs.com/ssltest/index.html I thought I had OCSP stapling correctly configured, but Qualys says it's not there. I have a cronjob that uses openssl to retrieve the .ocsp file for each certifi