ocsp-responder
Containerised OpenSSL OCSP responder. https://github.com/wackysysadmin/ocsp-responder-container
4.0K
This is a containerised version of the OCSP web responder built into OpenSSL.
Had built this to add onto my certificates primarily to remove the warning on Microsoft's Terminal Services Client about being unable to validate the certificate against a responder when RDP'ing onto a server.
Image tag latest rebuilt every week with latest Alpine image and updated packages.
Repository: https://github.com/wackysysadmin/ocsp-responder-container
The following variables are file locations relative to the container.
Modify the volume path to the path of your files.
Bring up the OCSP responder server:
docker compose up -d
docker logs ocsp-responder
ACCEPT 0.0.0.0:2560 PID=1
ocsp: waiting for OCSP client connections...
Certificates can now be signed by defining your OCSP's FQDN. Example configuration: authorityInfoAccess = OCSP;URI:http://ocsp.hostname.foo:2560
This can be done by using a method of your choice, if you append a reverse proxy onto the Docker Compose file or if the reverse proxy server is on the same container bridge network you can specify http://ocsp-responder:2560 as the proxy upstream address.
Serving an OCSP responder over HTTPS (https://datatracker.ietf.org/doc/html/rfc5280#section-8) isn't a requirement but is certainly possible, as mentioned in the wider community OCSP requirements on CA/Intermediate certificates can cause issues, using them on issued server/client certificates from them should be fine.
Enter a directory and create a Dockerfile with the contents from https://github.com/wackysysadmin/ocsp-responder-container/blob/main/Dockerfile.
Create the container using build command:
docker build -t ocsp-responder:latest .
Content type
Image
Digest
sha256:aa18149c2…
Size
6.7 MB
Last updated
about 2 months ago
docker pull wackysysadmin/ocsp-responder