Hello, I'm actually implementing OCSP stapling on my haproxy instance.
It seems we can update ocsp (with set ssl ocsp-response on socket) only if a previous OCSP record exist. For example : Case #1 - start haproxy without any ocsp file - set ssl ocsp-response $(base64 file.ocsp) => OCSP single response: Certificate ID does not match any certificate or issuer. Case #2 - start haproxy with ocsp file - set ssl ocsp-response [ with same OCSP response file ] => "OCSP Response updated!" Is this an expected behaviour ? Olivier
