[Pki-users] OCSP reply logging
Christina Fu
cfu at redhat.com
Tue Aug 13 18:13:51 UTC 2013
On 08/07/2013 08:41 PM, Remy van Elst wrote:
> Hello,
>
> Is it possible to have the ocsp subsystem log the status part (good,
> unkown etc.) of the replies it sents out? I've got it configured
> correctly and the responses it gives are as expected. However in
> transaction.log I can see that it replies, but not the status of the
> reply (and the certificate it replies to), and with debug logging
> turned on I have a multi-line ocsp response in a log file, and I don't
> feel like parsing that.
>
> Is there a (preferably simple) way to let the ocsp responder log the
> certificate, the status of that certificate and the requesting entity
> (for example by IP) in a plain-text format?
If you are processing logs, the best log to process would have been the
logs under <instance>/logs/signedAudit, where each log message is
formulated systematically. However, since there is no requirement in
Common Criteria to log the result of the OCSP responses, there is no
such log messages existing. It can be potentially added however, in the
code, so that they can be added by the administrator in the configuration.
If this is something that you are very interested in, I encourage you to
file a feature request with some plausible reason on Dogtag so that it
can be reviewed and considered for future release.
Christina
>
> --
> Remy van Elst
> https://raymii.org - https://sparklingnetwork.nl
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20130813/76f5a07f/attachment.htm>
More information about the Pki-users
mailing list