Hi,

I've been running haproxy with OCSP stapling for some time with a single
ssl certificate. Now I'm trying to enable the same for multiple
certificates but am getting an error:

OCSP single response: Certificate ID does not match any certificate or
issuer.

The OCSP response itself from the provider is good:

/etc/haproxy/ssl.d/${CERT}: good
    This Update: Sep 19 23:48:22 2017 GMT
    Next Update: Sep 26 23:03:22 2017 GMT

for all certificates but when I try feeding the OCSP response file to the
haproxy socket:

# echo "set ssl ocsp-response $(/usr/bin/base64 -w 10000 ${CERT}.ocsp)" |
socat stdio unix-connect:/run/haproxy/admin.sock

I get the above error.

As mentioned at the beginning, this is working fine with a single cert. Am I
missing something, or is this simply not possible?

Thanks,
Igor
