What's needed and why?
An easy Environement Integration of OCSP for SSL Stapling.
Firefox usese SSL Stappling and implementing it nativly as a ENV VAR would be a benefit, so that everyone can handle OCSP easily.
If this is already implemented into the lets encrypt Plugin, so you can implemtent this ENV Variable for CUSTOM_SSL_CERT too.
Implementations ideas (optional)
Code for the /etc/nginx/SERVER_NAME/ssl.conf:
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/cert_chain.pem
Enviroment Variable for Global and/or Autoconf:
CUSTOM_SSL_OCSP=yes
On the Backend ther could runn a script like this:
SSL_CERT= $CUSTOM_SSL_CERT
SSL_OCSP_CERTNAME=ocsp.der
SSL_CA_NAME=ca.cer
OCSP_1=$(openssl x509 -noout -ocsp_uri -in $SSL_CERT)
openssl ocsp -no_nonce -issuer $SSL_CA_NAME -cert $SSL_CERT -respout $SSL_OCSP_CERTNAME -url $OCSP_1
Code of Conduct
What's needed and why?
An easy Environement Integration of OCSP for SSL Stapling.
Firefox usese SSL Stappling and implementing it nativly as a ENV VAR would be a benefit, so that everyone can handle OCSP easily.
If this is already implemented into the lets encrypt Plugin, so you can implemtent this ENV Variable for CUSTOM_SSL_CERT too.
Implementations ideas (optional)
Code for the /etc/nginx/SERVER_NAME/ssl.conf:
Enviroment Variable for Global and/or Autoconf:
CUSTOM_SSL_OCSP=yes
On the Backend ther could runn a script like this:
Code of Conduct