Hi,
Was anyone able to successfully use Let's Encrypt certificates in conjunction with OCSP stapling yet?
Running the latest version of the KEMP LM 7.2.40.0.15707 at least provides the possibility to enter a DNS name and not an IP address of a desired OCSP server.
Using details provided here https://community.letsencrypt.org/t/setting-up-ocsp-on-a-kemp-to-use-letsencrypt/19025/4 I still end up getting 'OCSP response: no response sent' when I run 'openssl s_client -connect <domain name>:443 -servername <domain name> -status | grep OCSP'.
Other services which I do not load balance and which do OCSP stapling using e.g. Nginx correctly show:
'OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response'
KEMP LM configuration parameters look like the following:
OCSP Server: ocsp.int-x3.letsencrypt.org
OCSP Server Port: 80
OCSP URL: /
Use SSL: unchecked
Allow Access on Server Failure: unchecked (doesn't matter in this case)
Enable OCSP Stapling: checked
OCSP Refresh Interval: 1 Hour
Thanks in advance
Kevin
Nick Smylie
As of our .50 release we now send a Host header with OCSP.
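
The stapling check from the question, turned into a scriptable verdict; this is an added example, not part of the original thread or KEMP's tooling. The helper name `classify_ocsp_staple` and the sample outputs are constructed assumptions; pipe real `openssl s_client ... -status` output into the function to use it.

```shell
#!/bin/sh
# Added example, not from the thread. classify_ocsp_staple is a hypothetical
# helper: it reads `openssl s_client -status` output on stdin, prints a
# verdict, and returns 0 only when a stapled response says the cert is good.
classify_ocsp_staple() {
    out=$(cat)
    # The symptom reported in the post: the server stapled nothing.
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo "no-staple"; return 1
    fi
    # Responder-level status, e.g. "successful (0x0)" or "trylater (0x3)".
    resp=$(printf '%s\n' "$out" |
        sed -n 's/^[[:space:]]*OCSP Response Status:[[:space:]]*\([a-z]*\).*/\1/p' |
        head -n 1)
    if [ -z "$resp" ]; then
        echo "no-status-output"; return 2   # -status missing or handshake failed
    fi
    if [ "$resp" != "successful" ]; then
        echo "responder-error:$resp"; return 3
    fi
    # Per-certificate status inside the stapled response.
    cert=$(printf '%s\n' "$out" |
        sed -n 's/^[[:space:]]*Cert Status:[[:space:]]*\([a-z]*\).*/\1/p' |
        head -n 1)
    case "$cert" in
        good)    echo "stapled-good";    return 0 ;;
        revoked) echo "stapled-revoked"; return 4 ;;
        *)       echo "stapled-${cert:-unparsed}"; return 5 ;;
    esac
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_NONE='OCSP response: no response sent'
SAMPLE_GOOD='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good'
SAMPLE_REVOKED='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked'

for s in "$SAMPLE_NONE" "$SAMPLE_GOOD" "$SAMPLE_REVOKED"; do
    printf '%s\n' "$s" | classify_ocsp_staple || true
done
```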