Role for OCSP Responder?

MichaelRenner · February 28, 2023, 1:09pm

Moin,

I want to connect an external OCSP responder [1] to HCV. It needs a token to access the serial numbers.

Now I’m considering which rights a role with which I’m supposed to generate the token needs to cover exactly this use case - nothing more.

Thanks for hints

[1] GitHub - T-Systems-MMS/vault-ocsp: OCSP responder for Hashicorp Vault PKI

maxb · February 28, 2023, 2:07pm

I can certainly guess what you mean here based on the context, but this isn’t an official or even commonly-used official acronym for Vault.

But does it, though? The one API (cert/{serial}) mentioned in the README of that repository is an anonymous endpoint that doesn’t require any authentication to Vault.

MichaelRenner · March 13, 2023, 1:27pm

Moin,

thanks for your answer. That helped me alot. The token is mentioned in the documentation of the OCSP responder, but it is actually not necessary.

Now it rings without, I’m satisfied

Topic		Replies	Views
Ocsp setup for Vault Vault	0	1719	June 24, 2020
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses Security security-vault	0	5122	April 4, 2024
Vault approle in Packer? Packer vault	1	234	November 24, 2023
Setting-up custom "Serial Number" to the certificate HCP Vault Secrets vault	2	933	July 10, 2023
Code (powershell) signing with HCV? Vault	2	143	June 25, 2024

Role for OCSP Responder?

Related topics