
Did you remove the servername qualification for the OCSP test?

Question asked by JY4iNIPqZaTp on Nov 28, 2016
Latest reply on Nov 29, 2016 by Ivan Ristić

> Revocation status:
> Good (not revoked)
> OCSP ERROR: Request failed with HTTP status: 502 [http://ocsp.startssl.com]

The above result applies to a virtual SSL host (SNI) that was perfectly fine until two days ago.

For SNI-only servers, the correct testing method is the following:

echo QUIT | openssl s_client \
-CAfile /etc/ssl/ca-bundle.pem \
-connect ${fqdn}:$port \
-servername ${fqdn} \
-tlsextdebug \
-status
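
An added example, not part of the original post: a POSIX shell helper that classifies the stapling section of the `s_client -status` output produced by the command above. The function names and the two sample transcripts are constructed for illustration, and `check_host` leaves out the post's `-CAfile` option, so chain verification uses OpenSSL's default trust store.

```shell
#!/bin/sh
# Classify the OCSP stapling section of `openssl s_client -status` output.
# Reads the transcript on stdin and prints one of:
#   stapled-good | stapled-revoked | stapled-unknown |
#   stapled-error | not-stapled | no-status
classify_ocsp_staple() {
    awk '
        /OCSP response: no response sent/ { none = 1 }
        /OCSP Response Status:/ {
            seen = 1
            if ($0 !~ /successful/) { err = 1 }   # e.g. trylater, unauthorized
        }
        /Cert Status:/ && !status { status = $3 } # first certificate entry only
        END {
            if (none)        { print "not-stapled" }
            else if (!seen)  { print "no-status" }     # handshake failed or -status not sent
            else if (err)    { print "stapled-error" }
            else if (status == "good" || status == "revoked" || status == "unknown") {
                print "stapled-" status
            }
            else             { print "stapled-error" } # response without a usable status
        }'
}

# Live check with SNI. Usage: check_host FQDN PORT
check_host() {
    echo QUIT | openssl s_client -connect "$1:$2" -servername "$1" \
        -status 2>/dev/null | classify_ocsp_staple
}

# Constructed sample: server stapled a valid response.
sample_stapled() { cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
EOF
}

# Constructed sample: server sent no stapled response.
sample_unstapled() { cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}
```

Running `check_host` once as written and once with `-servername` removed shows whether the default virtual host and the SNI host differ in their stapling behaviour.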
