Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-3350

OCSP: Add option to include signer certificate or not

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.1.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently we have one option related to the signer certificate chain in OCSP responses.

      • Include certificate chain in response

      The signer certificate itself is always included in the response (I think?). This can be:

      • A root CA certificate if the responder if directly for a root CA
      • A subCA certificate if the responder if directly for a sub CA
      • A OCSP signser certificate if the responder is a delegated responder for a CA

      There is also the requirement to be able to not include any certificates in OCSP responses, to keep them very small.

      Add an option:

      • Include signer certificate in response

      Default value should be true, which is the same behaviour as today (If I am correct).

      With "Include signer certificate in response" unchecked a responder directly on a Root CA will then not include any certificates at all.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                aveen Aveen Ismail (Inactive)
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Tomas Gustavsson
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: