#OCSP Stapling Support

12 messages · Page 1 of 1 (latest)

teal stag
#

+1
Got a must staple certificate, and now users of clients that support it can't even complete the TLS handshake to my site 😅

IMG_20250507_020258.jpg
#

Haha, just noticed... Quovadis, haven't heard that name in a while!

limpid coral
#

https://letsencrypt.org/2024/12/05/ending-ocsp/ it's dying so there's no point in adding it

Ending OCSP Support in 2025

Earlier this year we announced our intent to provide certificate revocation information exclusively via Certificate Revocation Lists (CRLs), ending support for providing certificate revocation information via the Online Certificate Status Protocol (OCSP). Today we are providing a timeline for ending OCSP services:
January 30, 2025 OCSP Must-Stap...

trail portal
# 
May 7, 2025
  - Prior to this date we will have added CRL URLs to certificates
  - On this date we will drop OCSP URLs from certificates
  - On this date all requests including the OCSP Must Staple extension will fail```

what timing
limpid coral
teal stag
limpid coral
# teal stag Only for LetsEncrypt.

It's being faced out for all CAs, LE is just quickest, as usual. Firefox will also drop OCSP completely. 137 in fact is the first version where they enabled their new WebPKI implementation by default for all users

teal stag
teal stag
#

I think I can - should just need a new CSR...

limpid coral
#

Correct, they offer free reissues, can be done through their panel even

teal stag