OCSP CertHash extension for CA responses #523
In EJBCA-CE 8.0, is there a way to include the CertHash extension in OCSP responses from my CAs? I only found this option in additional keybindings. In a prior version of EJBCA, I used the property "ocsp.alwayssendcustomextension=1.3.36.8.3.13", but this does not seem to work anymore in the current version. Alternatively, can I somehow prevent the CAs from responding, so a dedicated keybinding would take over on their behalf?
Thanks,
Karsten
Replies: 1 comment
Hi Karsten,
So oddly enough, this is one of those times when a feature did something cool we didn't think of – it was actually removed as part of a behavioral change, and we didn't realize at the time that it was being used to add extensions to CA-generated responses.
This is of course a feature regression, so it's been slated to be reintroduced (in a better state) in the next release. In the meantime you can use an OCSP Responder on the same instance to return responses with the extension.
Cheers,
Mike