On 6/2/2015 12:38 PM, Andrew Hayworth wrote:
> Are you reloading HAProxy or issuing a 'set ssl ocsp-response' command
> via the stats socket after you retrieve the response? That's necessary
> after you pull down an updated OCSP response.
> 
> For example, here's our script that pulls down the OCSP response then
> loads it in via the stats
> socket: https://gist.github.com/ahayworth/e27e12bd0f9d9f10f3c2

I did not catch the reload or "set" requirement when I was researching
this.  Looks like a reload fixed it.  I don't want to do a reload once
an hour, so I would like to use the socket method.

My script may update a dozen ocsp responses all used by a single haproxy
process ... so when I am using the stats socket to set the ocsp
response, how do I tell haproxy which of the certificates it is using
needs that response?  Do I need to differentiate them, or simply send all
the ocsp responses in via the stats socket?

Thanks,
Shawn
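
Added example, not part of the thread and not the script from the gist linked above: one way to push a directory of saved OCSP responses through the stats socket without a reload. The function names, the `*.ocsp` file layout and the socket path are assumptions; the command itself carries only the base64-encoded DER response, so the loop sends each file in turn.

```shell
#!/bin/sh
# Added example: push every stored OCSP response to a running HAProxy
# through the stats socket. Directory layout and socket path are assumptions.

# Build the stats-socket command for one DER-encoded OCSP response file.
# HAProxy expects the response as a single base64 string with no line breaks.
ocsp_cmd() {
    printf 'set ssl ocsp-response %s\n' "$(base64 < "$1" | tr -d '\n')"
}

# Send the command read from stdin to the stats socket (requires socat).
send_cmd() {
    socat stdio "unix-connect:$1"
}

# Push every *.ocsp file in a directory. A rejected response is reported and
# counted rather than aborting the run, so one stale file does not block the rest.
push_all() {
    dir=$1
    sock=$2
    failed=0
    for f in "$dir"/*.ocsp; do
        [ -s "$f" ] || continue   # skip empty files and an unmatched glob
        if ! ocsp_cmd "$f" | send_cmd "$sock" | grep -q 'OCSP Response updated'; then
            echo "update failed: $f" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Example call (hypothetical paths):
#   push_all /etc/haproxy/ocsp /var/run/haproxy.sock
```

The return status of `push_all` is the number of responses HAProxy did not accept, so a cron wrapper can alert on any non-zero exit.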

