Configuring OCSP Stapling on BIG-IP
Hi Jason!
Could it be the migration of devcentral destroyed the code snippets above? As an example:
openssl verify -CAfile \:Common\: \:Common\:"cert in question"
If I use the command as specified I get the following errors:
Error loading file :Common:
47706134397416:error:02001002:system library:fopen:No such file or directory:bss_file.c:165:fopen(':Common:','r')
47706134397416:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:168:
47706134397416:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:258:
If I use the command like this:
openssl verify -CAfile \:Common\:"ca cert in question" \:Common\:"cert in question"
I get the following output:
:Common:"cert in question": C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
error 2 at 2 depth lookup:unable to get issuer certificate
The individual certificates I use seem to be okay though:
# openssl verify \:Common\:"cert in question"
:Common:"cert in question": OK
# openssl verify \:Common\:"ca cert in question"
:Common:"ca cert in question": OK
Also, I found that I have to run the command from the /config/filestore/files_d/Common_d/certificate_d directory if I don't want to specify the complete path, and I think adding this information to your article might be helpful.