Hi Shawn,
> I've done a Qualys Labs SSL test against my setup fronted with haproxy, > using this URL: > > https://www.ssllabs.com/ssltest/index.html > > I thought I had OCSP stapling correctly configured, but Qualys says it's > not there. I ave a cronjob that uses openssl to retrieve the .ocsp file > for each certificate: > > -rw------- 1 root root 6151 May 31 14:47 wildcard.stg.REDACTED.com.pem > -rw-r--r-- 1 root root 1609 Jun 2 10:17 wildcard.stg.rEDACTED.com.pem.ocsp > > As far as I knew, there was nothing special required in the haproxy > config. How can I troubleshoot this, and is there something I've done > wrong? Share your cronjob script, your configuration, and SSLtest output at least (you basically didn't share any OCSP related informations). Try to work through this post if you can't post the URL of the site: https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html You probably don't want to share the openssl outputs, so you will have to read and understand them yourself. Lukas
