I have a Vault setup running in a container for the PKI Secrets Engine and would like to add OCSP support so that an application can check that a certificate is not revoked. I didn't find any explanation of how to set up OCSP for Vault, and there is also no clear information in any of the blogs.
In my setup I have configured the following for CRL:

    vault write pki/config/urls \
        issuing_certificates="http://127.0.0.1:8200/v1/pki/ca" \
        crl_distribution_points="http://127.0.0.1:8200/v1/pki/crl"

But nothing beyond this for OCSP.
Do I need to set up a separate service for OCSP, or can Vault handle this itself?
Any help in understanding OCSP for Vault would be appreciated.