Hi William, On 09.12.20 09:27, William Lallemand wrote: > $ echo -e -n "@1 set ssl cert server1.fullchain.pem <<\n$(cat > server2.fullchain.pem)\n\n" | socat - /tmp/master.socket > $ echo -e "@1 set ssl cert server1.fullchain.pem.ocsp <<\n$(base64 -w > 10000 server2.fullchain.ocsp)\n" | socat - /tmp/master.socket > $ echo "@1 commit ssl cert server1.fullchain.pem" | socat - > /tmp/master.socket > > It should activate the OCSP with the new SSL context.
thanks, yes, using "set ssl cert fullchain.pem.ocsp" instead of "set ssl ocsp-response ..." makes it succeed. As far as I can see the "set ssl cert fullchain.pem.ocsp" method is *generally* suitable to update ocsp responses and can be used as a drop in replacement for the "set ssl ocsp-response" method, which is not working correctly in the case, where the intermediate cert changed? Thanks Björn
