Dear all,
I just saw in the release notes for 2.8 that an automatic OCSP renewal
is now included and I would like to get rid of my manual scripts that
are currently injecting the OCSP information.
I checked the documentation a little bit here:
https://docs.haproxy.org/2.8/configuration.html#ocsp-update
https://docs.haproxy.org/2.8/configuration.html#5.1-crt-list
and if I understood it correctly it only works if used together with a
crt-list line.
I currently use the crt definition on a bind line like:
frontend www-https
    mode tcp
    option tcplog
    bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
    bind :::443 ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
Could you please help me with how I need to configure haproxy to use OCSP
renewal?
It is not my intent to list all certificates in the haproxy
configuration as that would make it unnecessarily complicated.
Thanks a lot.
Regards
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
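
The 2.8 documentation linked above describes ocsp-update as a crt-list option, so one way to keep a directory-based setup is to generate the crt-list from the certificate directory instead of maintaining it by hand. The script below is an added example, not part of the original message and not HAProxy's own tooling; the function name and the crt-list.txt output path are assumptions.

```shell
#!/bin/sh
# Added example: build an HAProxy crt-list from a certificate directory,
# turning on OCSP auto-update for every certificate found.

# gen_crt_list DIR  (hypothetical helper name)
# Prints one crt-list line per certificate file in DIR, in glob order.
gen_crt_list() {
    dir=${1%/}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for f in "$dir"/*; do
        # Regular files only; this also covers an empty directory,
        # where the glob stays unexpanded.
        [ -f "$f" ] || continue
        case "$f" in
            # Companion files that HAProxy itself skips when it loads
            # a certificate directory.
            *.key|*.issuer|*.ocsp|*.sctl) continue ;;
            # A crt-list line is whitespace-separated, so a path with
            # blanks cannot be listed safely; report it and move on.
            *[[:space:]]*) echo "skipping (whitespace): $f" >&2; continue ;;
        esac
        printf '%s [ocsp-update on]\n' "$f"
    done
}

# Typical use (output path is an assumption):
#   gen_crt_list /usr/local/etc/haproxy/certs/ > /usr/local/etc/haproxy/crt-list.txt
# and in the frontend, replacing "crt <dir>" on each bind line:
#   bind 0.0.0.0:443 ssl crt-list /usr/local/etc/haproxy/crt-list.txt alpn h2,http/1.1
#   bind :::443 ssl crt-list /usr/local/etc/haproxy/crt-list.txt alpn h2,http/1.1
```

Each listed certificate still needs its issuer available (inside the PEM or as a .issuer file) for the OCSP response to be verified, and the list has to be regenerated whenever certificates are added to or removed from the directory.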