Hello, I am attempting to enable OCSP stapling with httpd, however when
clients attempt to verify said signature, they fail.
My process for generating the staplefile is as follows:
# ocspcheck -N -o /etc/ssl/ocsp/xxxx.com.der \
/etc/ssl/private/xxxx.com.fullchain.pem
This appears to generate a valid OCSP responsefile as verified by
ocsptool(1):
# cat /etc/ssl/ocsp/xxxx.com.der | ocsptool --response-info
OCSP Response Information:
Response Status: Successful
Response Type: Basic OCSP Response
Version: 1
Responder ID: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
Produced At: Tue May 09 10:51:00 UTC 2017
Responses:
Certificate ID:
Hash Algorithm: SHA1
Issuer Name Hash: 7ee66ae7729ab3fcf8a220646c16a12d6071085d
Issuer Key Hash: a84a6a63047dddbae6d139b7a64565eff3a8eca1
Serial Number: 04dbfc34be721f3824e59ada8489c6c00492
Certificate Status: good
This Update: Tue May 09 10:00:00 UTC 2017
Next Update: Tue May 16 10:00:00 UTC 2017
Extensions:
However when I add in an OCSP directive into http.conf(5) in order to
enable stapling, it seems OCSP verification fails:
# cat /etc/httpd.conf
server "xxxx.com" {
listen on * tls port 443
tls {
certificate "/etc/ssl/private/xxxx.com.fullchain.pem"
key "/etc/ssl/private/xxxx.com.key"
ocsp "/etc/ssl/ocsp/xxxx.com.der"
}
}
# nc -zvc xxxx.com 443
Connection to xxxx.com 443 port [tcp/https] succeeded!
nc: tls handshake failed (ocsp verify failed: no result for cert)
Firefox also gives an error of:
An error occurred during a connection to xxxx.com. The OCSP response
does not include a status for the certificate being verified. Error
code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
Both work when the ocsp directive is removed from http.conf(5).
openssl(1) s_client confirms that the OCSP response is being sent:
# openssl s_client -connect xxxx.com:443 -tlsextdebug -status
-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----
OCSP response:
======================================
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: May 9 10:52:00 2017 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 0474005E94C1946D6FD3EB7A486278E9F643
Cert Status: good
This Update: May 9 10:00:00 2017 GMT
Next Update: May 16 10:00:00 2017 GMT
Signature Algorithm: sha256WithRSAEncryption
======================================
-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----
Can anyone shed any light on what's going on here? Is it related to the
fact that the Let's Encrypt OCSP responder doesn't use nonces? (meaning one
has to use the -N flag with ocspcheck(1).)
Any cluebyfour responses would be appreciated.
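An added diagnostic, not code from the thread: the two outputs above show different serial numbers (04dbfc34... in the locally generated staple file, 0474005e... in the stapled response that openssl received), and both nc and Firefox reject a staple whose CertID serial does not match the certificate being verified. The script below pulls the serial out of a DER certificate and out of every SingleResponse in a DER OCSP response with a minimal hand-written parser (no external libraries) and compares them; make_samples builds constructed, unsigned sample DER only so the check can be exercised offline.

```python
def der_read(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    """Return [(tag, value), ...] for the TLVs packed inside a constructed value."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out

def der(tag, content):
    """Encode one DER TLV; used only to build the constructed samples below."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def cert_serial(cert_der):
    """Certificate -> tbsCertificate -> first INTEGER is serialNumber (RFC 5280)."""
    tbs = der_children(der_read(cert_der)[1])[0][1]
    return next(int.from_bytes(v, "big") for t, v in der_children(tbs) if t == 0x02)

def ocsp_serials(resp_der):
    """Serials in every SingleResponse of a successful OCSPResponse (RFC 6960)."""
    kids = der_children(der_read(resp_der)[1])        # [responseStatus, [0] responseBytes]
    if kids[0][1] != b"\x00":                          # responseStatus != successful: no CertIDs at all
        return []
    octets = der_children(der_children(kids[1][1])[0][1])[1][1]       # [0] -> ResponseBytes -> OCTET STRING
    tbs = der_children(der_read(octets)[1])[0][1]                     # BasicOCSPResponse -> tbsResponseData
    responses = next(v for t, v in der_children(tbs) if t == 0x30)    # SEQUENCE OF SingleResponse
    return [int.from_bytes(der_children(der_children(s)[0][1])[3][1], "big")  # CertID[3] = serialNumber
            for _, s in der_children(responses)]

def staple_covers(cert_der, resp_der):  # the check that nc/Firefox effectively apply to a staple
    return cert_serial(cert_der) in ocsp_serials(resp_der)

def make_samples(cert_sn, staple_sn):
    """Constructed minimal Certificate and OCSPResponse DER (no signatures) carrying the given serials."""
    sn = lambda n: der(0x02, n.to_bytes((n.bit_length() + 7) // 8 or 1, "big"))
    cert = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + sn(cert_sn)))   # v3 cert, serial only
    cert_id = der(0x30, der(0x30, der(0x06, b"\x2b\x0e\x03\x02\x1a")) + der(0x04, b"\0" * 20) * 2 + sn(staple_sn))
    single = der(0x30, cert_id + der(0x80, b"") + der(0x18, b"20170509100000Z"))  # certStatus good, thisUpdate
    tbs = der(0x30, der(0xA1, der(0x30, b"")) + der(0x18, b"20170509105100Z") + der(0x30, single))
    resp_bytes = der(0x30, der(0x06, b"\x2b\x06\x01\x05\x05\x07\x30\x01\x01") + der(0x04, der(0x30, tbs)))
    return cert, der(0x30, der(0x0A, b"\x00") + der(0xA0, resp_bytes))
```

On a real host, read the certificate with `open(path, "rb")` after converting the PEM to DER (or decode the base64 between the PEM markers) and pass the .der staple file straight in.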