trafficserver
trafficserver copied to clipboard
apache
Discussion on ATS checking origin certificate revocation status
This came up as a result of https://www.digicert.com/support/certificate-revocation-incident
Does ATS check revocation status of origin certificates? If not, should it be a configuration setting to do so?
Regarding which method to use, this recent post from Let's Encrypt indicates OCSP (not stapling) on the way out and CRLs are in fashion again: https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}