ACM OCSP Request support for SHA256



I have a working check on using OCSP request to ACM on a private cert authority using SHA1 via

When I switch to SHA256 instead of SHA1 though, I get errors from ACM. Does ACM OSCP support SHA256 or only SHA1? I can't find any supporting documentation that clarifies this.

1 Antwort

Amazon ACM (AWS Certificate Manager) does support OCSP (Online Certificate Status Protocol) for certificate validation. Regarding the hash algorithm used, ACM supports SHA-256 for generating the digital signature in the OCSP response.

profile picture
beantwortet vor 2 Monaten
  • I have yet to see a request work with SHA256 OCSP request. Here is an openssl example: openssl ocsp -issuer truststore.pem -sha256 -cert cert.pem -text -url this fails

    openssl ocsp -issuer truststore.pem -cert cert.pem -text -url this succeeds (SHA1 default)

    So far every OCSP request made to ACM built with anything but SHA1 encoding fails. Is this a bug?

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen