Feature #8577
Aktualizováno uživatelem Jan Pašek před téměř 4 roky(ů)
Implement an OCSP endpoint
* application endpoint that reads the OSCP request from the request (in case of get -> URL parameter, in case of POST request body - see RFC for details)
* endpoint will be GET/POST /api/ocsp/{ca_id}
* OCSP request will be passed to CRL/OCSP service
* CRL/OCSP service will generate the index file and calls (maybe via cryptography service) OpenSSL to generate OCSP response. The response is then returned to the controller.
* Both response and request are DER encoded data, so they are not readable...
* For signing OCSP additional certificate issued by the CA corresponding to the OCSP endpoint must be used. (this can be checked in RFC)
Reviewer: Jan Pašek