AnsweredAssumed Answered

Did you remove the servername qualification for the OCSP test?

Question asked by JY4iNIPqZaTp on Nov 28, 2016
Latest reply on Nov 29, 2016 by Ivan Ristić

> Revocation status:
> Good (not revoked)
> OCSP ERROR: Request failed with HTTP status: 502 []


The above result applies to a virtual SSL hosting (SNI) that was perfectly fine until two days ago.


For SNI-only servers, the correct testing method is the following:


echo QUIT | openssl s_client \
-CAfile /etc/ssl/ca-bundle.pem \
-connect ${fqdn}:$port \
-servername ${fqdn} \
-tlsextdebug \