Jan Schaumann
2018-04-13 00:58:06 UTC
Hi,
I have an ATS instance that has OCSP stapling enabled. The logs
dutifully show:
[Apr 12 20:28:11.077] Server {0x2b0d22181700} NOTE: Success to refresh
OCSP response for 1 certificate.
[Apr 12 21:29:11.138] Server {0x2b0d22181700} NOTE: Success to refresh
OCSP response for 1 certificate.
[Apr 12 22:30:11.341] Server {0x2b0d22181700} NOTE: Success to refresh
OCSP response for 1 certificate.
However, since the server cannot talk to the internet outbound, it
cannot in fact refresh the OCSP status. This is as intended; however, I
wonder why the logs are claiming 'Success to refresh'.
I'd have expected an error message of some sort indicating the inability
to talk to the CA's OCSP URLs.
-Jan
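
One way to check, independently of the log message, whether the server is actually stapling a response and how old it is: classify the output of `openssl s_client -status`. This is an added example, not part of the original post and not ATS code; the host name `server.example` is a placeholder and both sample outputs are constructed.

```shell
#!/bin/sh
# Classify `openssl s_client -status` output (stdin) by what the server stapled.
# Live use (server.example is a placeholder host):
#   openssl s_client -connect server.example:443 -servername server.example \
#       -status </dev/null 2>/dev/null | staple_status
staple_status() {
    awk '
        /OCSP response: no response sent/   { none = 1 }
        /OCSP Response Status: successful/  { ok = 1 }
        /Cert Status:/ { sub(/^.*Cert Status: */, ""); cert = $0 }
        /This Update:/ { sub(/^.*This Update: */, ""); thisupd = $0 }
        /Next Update:/ { sub(/^.*Next Update: */, ""); nextupd = $0 }
        END {
            if (ok)
                printf "stapled cert_status=%s this_update=\"%s\" next_update=\"%s\"\n", cert, thisupd, nextupd
            else if (none)
                print "not-stapled"
            else
                print "unknown"
        }'
}

# Constructed sample: handshake without a stapled response.
sample_unstapled() {
    cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
---
EOF
}

# Constructed sample: handshake carrying a stapled response.
sample_stapled() {
    cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: Apr 12 20:00:00 2018 GMT
    Cert Status: good
    This Update: Apr 12 20:00:00 2018 GMT
    Next Update: Apr 19 20:00:00 2018 GMT
---
EOF
}

sample_unstapled | staple_status
sample_stapled | staple_status
```

Comparing `next_update` with the current time shows whether the stapled response is still within its validity window.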