On 5/31/23 23:25, Matthias Fechner wrote:
I just saw in the release notes for 2.8 that an automatic OCSP renewal
is now included and I would like to get rid of my manual scripts that
are currently injecting the OCSP information.
I checked a little bit the documentation here:
https://docs.haproxy.org/2.8/configuration.html#ocsp-update
https://docs.haproxy.org/2.8/configuration.html#5.1-crt-list
I can't figure out where to put the option. I've tried several
different places and the config check fails every time.
Upgraded from dev13 to 2.8.0 and that didn't help.
It will be very cool for haproxy to handle ocsp renewal itself so I can
retire my script.
The doc said that it would need the issuer cert, which is included in
the file referenced by the crt option. Is that enough?
Thanks,
Shawn