[FEATURE] Easy Integration of OCSP SSL Stapling #1592

Wu-Tek opened this issue Oct 15, 2024 · 1 comment
Labels
enhancement New feature or request

Wu-Tek commented Oct 15, 2024

What's needed and why?

An easy environment integration of OCSP for SSL stapling.
Firefox uses SSL stapling, and implementing it natively as an ENV VAR would be a benefit, so that everyone can handle OCSP easily.
If this is already implemented in the Let's Encrypt plugin, you can implement this ENV variable for CUSTOM_SSL_CERT too.

Implementations ideas (optional)

Code for the /etc/nginx/SERVER_NAME/ssl.conf:

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/cert_chain.pem;

Environment variable for global and/or autoconf:
CUSTOM_SSL_OCSP=yes
On the backend there could run a script like this:

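# Certificate configured through CUSTOM_SSL_CERT
SSL_CERT="$CUSTOM_SSL_CERT"
SSL_OCSP_CERTNAME=ocsp.der
SSL_CA_NAME=ca.cer
# Read the OCSP responder URL from the certificate
OCSP_1=$(openssl x509 -noout -ocsp_uri -in "$SSL_CERT")
# Query the responder and save the DER-encoded response
openssl ocsp -no_nonce -issuer "$SSL_CA_NAME" -cert "$SSL_CERT" -respout "$SSL_OCSP_CERTNAME" -url "$OCSP_1"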

@Wu-Tek Wu-Tek added the enhancement New feature or request label Oct 15, 2024
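
A defensive variant of the refresh script sketched in the issue, added here as an example (not code from the issue or from the project): it keeps a fetched OCSP response only when OpenSSL verified it and the certificate status is good, and replaces the existing file atomically. The function names `ocsp_output_ok` and `refresh_ocsp` and the sample outputs are assumptions of this example; the samples are constructed.

```shell
#!/bin/sh
# Added example: install an OCSP response only if it verified and says "good".

# Constructed sample outputs of `openssl ocsp` (not from a real responder).
SAMPLE_GOOD='Response verify OK
cert.pem: good
    This Update: Oct 15 10:00:00 2024 GMT
    Next Update: Oct 22 10:00:00 2024 GMT'
SAMPLE_REVOKED='Response verify OK
cert.pem: revoked
    This Update: Oct 15 10:00:00 2024 GMT
    Revocation Time: Oct 14 09:00:00 2024 GMT'
SAMPLE_UNVERIFIED='Response Verify Failure
cert.pem: good'

# $1 = combined stdout+stderr of `openssl ocsp`, $2 = certificate path.
# Returns 0 only when the response verified and the status is "good".
ocsp_output_ok() {
    out=$1; cert=$2
    # The responder's signature and chain must have been accepted.
    printf '%s\n' "$out" | grep -qx 'Response verify OK' || return 1
    # The status line reads "<cert path>: good|revoked|unknown".
    status=$(printf '%s\n' "$out" |
        awk -v p="$cert: " 'index($0, p) == 1 { print substr($0, length(p) + 1); exit }')
    [ "$status" = "good" ]
}

# $1 = certificate, $2 = issuer certificate, $3 = destination .der file.
refresh_ocsp() {
    cert=$1; issuer=$2; dest=$3
    url=$(openssl x509 -noout -ocsp_uri -in "$cert") || return 1
    [ -n "$url" ] || { echo "no OCSP URI in $cert" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Same query as in the issue, written to a temporary file first.
    out=$(openssl ocsp -no_nonce -issuer "$issuer" -cert "$cert" \
        -url "$url" -respout "$tmp" 2>&1)
    if ocsp_output_ok "$out" "$cert"; then
        mv -f "$tmp" "$dest"   # rename within one directory is atomic
    else
        rm -f "$tmp"
        echo "OCSP response rejected, keeping existing $dest" >&2
        return 1
    fi
}

# Run only when called as: script CERT ISSUER DEST
if [ "$#" -eq 3 ]; then refresh_ocsp "$@"; fi
```
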
@TheophileDiot
Member

Hi, thank you for opening this feature request, we'll have a look into it and let you know!
