Role for OCSP Responder?


I want to connect an external OCSP responder [1] to HCV. It needs a token to access the serial numbers.

Now I’m considering which rights a role with which I’m supposed to generate the token needs to cover exactly this use case - nothing more.

Thanks for hints

[1] GitHub - T-Systems-MMS/vault-ocsp: OCSP responder for Hashicorp Vault PKI

I can certainly guess what you mean here based on the context, but this isn’t an official or even commonly-used official acronym for Vault.

But does it, though? The one API (cert/{serial}) mentioned in the README of that repository is an anonymous endpoint that doesn’t require any authentication to Vault.


thanks for your answer. That helped me alot. The token is mentioned in the documentation of the OCSP responder, but it is actually not necessary.

Now it rings without, I’m satisfied