On 10/3/23 01:33, Remi Tricot-Le Breton wrote:
> This command relies on the same task that performs the automatic update.
> What it does is basically add the certificate at the top of the task's
> update list and wake it up. The update is asynchronous so we can't
> return a status to the CLI command.
>
> In order to check if the update was successful you can display the
> contents of the updated OCSP response via the "show ssl ocsp-response"
> command. If the response you updated is also set to be updated
> automatically, you can also use the "show ssl ocsp-updates" command that
> gives the update success and failure numbers as well as the last update
> status for all the responses registered in the auto update list.

I have no idea how to get an interactive session going on the stats
socket so that I can see whatever response a command generates. The
only command I know for the socket is for the old-style OCSP update
where the OCSP response is obtained with openssl, converted to base64,
and sent to the socket. No response comes back when using socat in this
way.

Here is my old script for OCSP updates, which I stopped using once I
learned how to set up haproxy to do it automatically:

https://paste.elyograg.org/view/5e88c914

(seems that I removed the final \ that made the blank lines necessary.
oops!)

Thanks,
Shawn