Project

General

Profile

Feature #8299

acme: ocsp must-staple

Added by Idar Lund over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
ACME
Target version:
-
Start date:
01/29/2018
Due date:
% Done:

0%

Estimated time:

Description

The acme.sh client supports ocsp must-staple;
if [ "$Le_OCSP_Staple" ] || [ "$Le_OCSP_Stable" ]; then
_savedomainconf Le_OCSP_Staple "$Le_OCSP_Staple"
_cleardomainconf Le_OCSP_Stable
printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >>"$csrconf"
fi

with the "--ocsp-must-staple" or "--ocsp" flags;
--ocsp-must-staple | --ocsp)
Le_OCSP_Staple="1"
;;

Please add support for this option in acme_certificates_edit.php

To learn more about ocsp must-staple, please read https://scotthelme.co.uk/ocsp-must-staple/

Associated revisions

Revision 00e54150 (diff)
Added by Jim Pingle about 1 year ago

Add function to detect OCSP Must Staple certs. Ticket #8418 and Ticket #8299

History

#1 Updated by Jim Pingle over 1 year ago

  • Project changed from pfSense to pfSense Packages
  • Category changed from Certificates to ACME
  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle about 1 year ago

  • Status changed from New to Resolved

This is in the package and working OK now

Also available in: Atom PDF