OPNsense Forum

English Forums => General Discussion => Topic started by: browne on September 28, 2020, 10:36:49 am

Title: [SOLVED] HAProxy + OCSP Stapling with Let's Encrypt
Post by: browne on September 28, 2020, 10:36:49 am
I am running HAProxy as a reverse proxy in HTTP / HTTPS (SSL offloading) mode using Let’s Encrypt ACME on OPNsense.
Everything is working fine and I am right now fine-tuning my setup.

The only thing left to do is to get OCSP stapling to work!
My certificate already contains the OCSP Must Staple extension.


SSL Labs
This server certificate supports OCSP must staple but OCSP response is not stapled.
Firefox brings this, once I use a certificate with the OCSP must staple extension.
MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
How do I proceed from here on?
I had a look at all the HAProxy settings but couldn’t really figure out how to set up OCSP stapling.


Regards
browne
Title: Re: HAProxy + OCSP Stapling with Let's Encrypt
Post by: browne on September 28, 2020, 11:35:02 am
Just found this: https://github.com/opnsense/plugins/issues/1430#issuecomment-692265194

I guess we all have to go without OCSP or use the script from above, until HAProxy supports this.


browne