Configure OCSP response validity when using docker compose #102
Comments
|
Hi! At present, this is only possible with a manual setup of views. The automatic configuration always uses an expiry of ten minutes. You can set the CA_OCSP_URLS:
root:
ca: ...
expires: ...Note: typing this comment on my phone and can't try it out, take the YAML with a grain of salt 😉. I'm curious and of course want to improve the project further. Making this configurable for the automatic setup would be trivial. I would like to understand:
Kr, Mat |
|
Hi! My reason for changing this is a rather rare use-case I suppose. It would be perfect if this parameter can be set per CA. Is the default value really ten minutes? Example from a OCSP response: |
|
Hi,
Yeah kind of :-), I was right in that it's the default by custom views, but it turns out it's actually set to one hour in the generic views. I have implemented per-ca configuration in a branch, and I think this is working pretty nicely. It's still not quite finished (e.g. regenerating of keys does not yet work correctly probably), but it should work for you. You can set the validity either in the admin interface or via I've pushed a Docker image with the tag Note however that there is a limit to 600 seconds/ten minutes (which seems reasonable to me, but I'm just guessing). But Django only enforces this on an interface level, so you should be able to run the db shell ( Let me know if that works for you and ESPECIALLY please provide any feedback you might have for the OCSP responder. kr, Mat |
|
Hi @tobHai , The feature is as discussed in the final release. I hope it serves you well! kr, Mat |
Hi!
Thanks for creating this project!
Is it possible to configure the OCSP response validity when running django-ca via docker compose?
Can the 'expires' property mentioned in the docs be set via a docker compose environment variable?
Thanks!
The text was updated successfully, but these errors were encountered: