Use acme-chief provided OCSP stapling responses
Open, Normal · Public

Description

Now that acme-chief is providing prefetched OCSP stapling responses, clients supporting it (nginx-based ones) can start to use them.

Event Timeline

Change 537062 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Enable OCSP

https://gerrit.wikimedia.org/r/537062

Mentioned in SAL (#wikimedia-operations) [2019-09-16T10:45:08Z] <vgutierrez> Enabling OCSP prefetched responses for the non-canonical redirect service - T232988

Change 537062 merged by Vgutierrez:
[operations/puppet@production] ncredir: Enable OCSP

https://gerrit.wikimedia.org/r/537062

Change 537066 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] nagios_common: Provide a HTTPS check for LE with OCSP

https://gerrit.wikimedia.org/r/537066

Change 537067 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Check OCSP stapling on HTTPS icinga check

https://gerrit.wikimedia.org/r/537067

Change 537066 merged by Vgutierrez:
[operations/puppet@production] nagios_common: Provide a HTTPS check for LE with OCSP

https://gerrit.wikimedia.org/r/537066

Change 537067 merged by Vgutierrez:
[operations/puppet@production] ncredir: Check OCSP stapling on HTTPS icinga check

https://gerrit.wikimedia.org/r/537067

Change 537075 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Monitor TLS handshake + OCSP stapling for every configured cert

https://gerrit.wikimedia.org/r/537075

Change 537075 merged by Vgutierrez:
[operations/puppet@production] ncredir: Monitor TLS handshake + OCSP stapling for every configured cert

https://gerrit.wikimedia.org/r/537075

Vgutierrez triaged this task as Normal priority. · Sep 16 2019, 3:04 PM

Change 537593 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] install_server: Enable OCSP stapling and SSL monitoring

https://gerrit.wikimedia.org/r/537593

Restricted Application added a project: Operations. · Sep 19 2019, 5:39 AM
Vgutierrez moved this task from Triage to TLS on the Traffic board. · Sep 19 2019, 5:39 AM

Change 537789 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief,ATS,tlsproxy: Move to acme-chief centrally managed OCSP responses

https://gerrit.wikimedia.org/r/537789

Change 537789 merged by Vgutierrez:
[operations/puppet@production] acme_chief,ATS,tlsproxy: Move to acme-chief centrally managed OCSP responses

https://gerrit.wikimedia.org/r/537789

Change 537923 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] acme_chief: Remove update-ocsp.d leftovers

https://gerrit.wikimedia.org/r/537923

Change 537927 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS,tlsproxy: ocsp parameter for acme_chief::cert is not needed anymore

https://gerrit.wikimedia.org/r/537927

Change 537923 merged by Vgutierrez:
[operations/puppet@production] acme_chief: Remove update-ocsp.d leftovers

https://gerrit.wikimedia.org/r/537923

Change 537927 merged by Vgutierrez:
[operations/puppet@production] ATS,tlsproxy: ocsp parameter for acme_chief::cert is not needed anymore

https://gerrit.wikimedia.org/r/537927

Change 537593 merged by Vgutierrez:
[operations/puppet@production] install_server: Enable OCSP stapling and SSL monitoring

https://gerrit.wikimedia.org/r/537593

Change 538165 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS: Adjust OCSP freshness check for acme-chief managed responses

https://gerrit.wikimedia.org/r/538165

Change 538165 merged by Vgutierrez:
[operations/puppet@production] ATS: Adjust OCSP freshness check for acme-chief managed responses

https://gerrit.wikimedia.org/r/538165

Change 538582 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS: Set sysconfdir back as a read-only directory

https://gerrit.wikimedia.org/r/538582

Change 538582 merged by Vgutierrez:
[operations/puppet@production] ATS: Set sysconfdir back as a read-only directory

https://gerrit.wikimedia.org/r/538582