Hi
Can anybody confirm whether Apigee supports OCSP/CRL? Got to know that it's not supported by Apigee. However, I could see an OCSP setting in the virtual host. We need it for an open banking implementation.
TIA
Hi @NSaini1, I am not sure of earlier versions but as per docs, in Edge for Private Cloud release 4.18.01, OCSP stapling is supported for virtual hosts.
https://docs.apigee.com/release/notes/sneak-preview-edge-private-cloud-release-41801
Virtual hosts now support OCSP stapling for one-way and two-way TLS. When enabled, an OCSP (Online Certificate Status Protocol) client sends a status request to an OCSP responder to determine if the certificate is valid. The response indicates if the certificate is valid and not revoked.
By default OCSP stapling is off. TLS must be enabled on the virtual host to enable OCSP.
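The responder mentioned in the release note is named in the certificate itself, in its Authority Information Access extension, so you can check where status requests for a given certificate would go before enabling stapling. This is an added example, not part of the thread or the Apigee documentation; the certificate subject, responder URL and function names are constructed placeholders, and it assumes OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
set -eu

# Create a throwaway self-signed certificate (constructed sample).
# $1 = output PEM file, $2 = OCSP responder URL to embed (optional).
make_sample_cert() {
  key="$(mktemp)"
  if [ -n "${2:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=vhost.example.test" \
      -addext "authorityInfoAccess = OCSP;URI:$2" \
      -keyout "$key" -out "$1" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=vhost.example.test" \
      -keyout "$key" -out "$1" 2>/dev/null
  fi
  rm -f "$key"
}

# Print the OCSP responder URL(s) recorded in a PEM certificate.
# Empty output means the certificate names no responder.
ocsp_responder() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# Return 0 if the certificate names a responder, 1 otherwise.
staple_check() {
  uri="$(ocsp_responder "$1" || true)"
  if [ -n "$uri" ]; then
    echo "OK: revocation status is served by $uri"
  else
    echo "WARN: no OCSP responder in certificate"
    return 1
  fi
}

demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
make_sample_cert "$demo_dir/with_aia.pem" "http://ocsp.example.test"
make_sample_cert "$demo_dir/no_aia.pem"
staple_check "$demo_dir/with_aia.pem"
staple_check "$demo_dir/no_aia.pem" || true

# Against a live endpoint, `openssl s_client -connect HOST:443 -status`
# shows whether an OCSP response is actually stapled to the handshake.
```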
Yes, I checked that. Thanks @Siddharth Barahalikar. Just wanted to confirm before using it as there is not much detail given about this.
Hi @Dino-at-Google @NICOLA Can you guys help here?
Yes, as documented.
OCSP is supported in the vhost.
Hi Dino
Just wanted to understand more on this. What certificate directory is being used for CRL/OCSP in Apigee if I enable this in the vhost? Not much detail is provided in the documentation.
The "directory of certs" is managed by each OCSP responder. OCSP uses the OCSP Responder that is configured on the certificate. Here's more information on OCSP Stapling.
https://en.wikipedia.org/wiki/OCSP_stapling
https://security.stackexchange.com/questions/29686/how-does-ocsp-stapling-work
Some key points