Using OCSP stapling with LE certificates

Hi,

Was anyone able to successfully use Let's Encrypt certificates in conjunction with OCSP stapling yet?

Running the latest version of the KEMP LM 7.2.40.0.15707 at least provides the possibility to enter a DNS name and not an IP address of a desired OCSP server.

Using details provided here https://community.letsencrypt.org/t/setting-up-ocsp-on-a-kemp-to-use-letsencrypt/19025/4 I still end up getting 'OCSP response: no response sent' when I run 'openssl s_client -connect <domain name>:443 -servername <domain name> -status | grep OCSP'.

Other services which I do not load balance and which do OCSP stapling using e.g. Nginx correctly show:

'OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response'

 

KEMP LM configuration parameters look like the following:

OCSP Server: ocsp.int-x3.letsencrypt.org

OCSP Server Port: 80

OCSP URL: /

Use SSL: unchecked

Allow Access on Server Failure: unchecked (doesn't matter in this case)

Enable OCSP Stapling: checked

OCSP Refresh Interval: 1 Hour

 

Thanks in advance

Kevin

1 comment

khallaoui

The LM does not send the host name with its request, which returns an error 400 right now. Opened a feature request for it, hopefully to solve this.