Accept TLS Feature (aka OCSP Must Staple) in CSRs #989
Comments
|
but please use the feature just as opt-in and not as default. |
|
cloudflare/cfssl#390 is now closed, so is this no longer blocked? |
|
Yes, there is a PR up for it already that didn't get linked in. #1224 |
|
Starting today, Comodo supports it. Yes, it respects extension in CSR with no additional actions required. My first thought was asking LE and not any other CA whether they are going to support it, but I searched in community and it's not so long to wait already. Though I stick to Comodo because of ECC support, it takes money and makes me wait for 5 minutes or even more between DCV and issuance. Nice job! |
|
I would very much see this feature implemented before I request my certificates. Any way I could help to make it happen? I see the pull request has some failing tests? |
|
Looks like it was merged to Boulder 6 days ago in #1224, so this issue can be closed? Any plans for when the feature might hit Let's Encrypt's staging or production servers? |
|
#1224 was reverted, the fix for the breakage that introduced was merged today so it will hit staging on tuesday and should get to production, if nothing else breaks, a few days after that. |
|
@rolandshoemaker What's the status on this? |
|
This is shipped, but not yet configured on. We're waiting for the fix for #1650 to ship to production before configuring it on. |
|
Must Staple is now live in production. |
We need to do cloudflare/cfssl#390 first, and then it will be just a godep update and config change in Boulder.
The text was updated successfully, but these errors were encountered: