<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 08/07/2013 08:41 PM, Remy van Elst wrote:
<blockquote cite="mid:etPan.52031379.515f007c.9b2@gateway.local"
type="cite">
<div id="bloop_customfont" style="font-family: Helvetica,Arial;
font-size: 13px; margin: 0px;">Hello,</div>
<div id="bloop_customfont" style="font-family: Helvetica,Arial;
font-size: 13px; margin: 0px;"><br>
</div>
<div id="bloop_customfont" style="font-family: Helvetica,Arial;
font-size: 13px; margin: 0px;">Is it possible to have the ocsp
subsystem log the status part (good, unkown etc.) of the replies
it sents out? I've got it configured correctly and the responses
it gives are as expected. However in transaction.log I can see
that it replies, but not the status of the reply (and the
certificate it replies to), and with debug logging turned on I
have a multi-line ocsp response in a log file, and I don't feel
like parsing that.</div>
<div id="bloop_customfont" style="font-family: Helvetica,Arial;
font-size: 13px; margin: 0px;"><br>
</div>
<div id="bloop_customfont" style="font-family: Helvetica,Arial;
font-size: 13px; margin: 0px;">Is there a (preferably simple)
way to let the ocsp responder log the certificate, the status of
that certificate and the requesting entity (for example by IP)
in a plain-text format?</div>
</blockquote>
If you are processing logs, the best log to process would have been
the logs under <instance>/logs/signedAudit, where each log
message is formulated systematically. However, since there is no
requirement in Common Criteria to log the result of the OCSP
responses, there is no such log messages existing. It can be
potentially added however, in the code, so that they can be added by
the administrator in the configuration.<br>
<br>
If this is something that you are very interested in, I encourage
you to file a feature request with some plausible reason on Dogtag
so that it can be reviewed and considered for future release.<br>
<br>
Christina<br>
<br>
<blockquote cite="mid:etPan.52031379.515f007c.9b2@gateway.local"
type="cite"><br>
<div class="" id="bloop_sign_1375932652391185152"><span
style="font-family: helvetica,arial; font-size: 13px;"></span>-- <br>
Remy van Elst<br>
<a class="moz-txt-link-freetext" href="https://raymii.org">https://raymii.org</a> - <a class="moz-txt-link-freetext" href="https://sparklingnetwork.nl">https://sparklingnetwork.nl</a></div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Pki-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-users">https://www.redhat.com/mailman/listinfo/pki-users</a></pre>
</blockquote>
<br>
</body>
</html>