1 Answer
- Newest
- Most votes
- Most comments
0
Amazon ACM (AWS Certificate Manager) does support OCSP (Online Certificate Status Protocol) for certificate validation. Regarding the hash algorithm used, ACM supports SHA-256 for generating the digital signature in the OCSP response. https://docs.aws.amazon.com/acm/
Relevant content
- asked 2 years ago
- asked a year ago
- Accepted Answerasked 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
I have yet to see a request work with SHA256 OCSP request. Here is an openssl example:
openssl ocsp -issuer truststore.pem -sha256 -cert cert.pem -text -url http://ocsp.acm-pca.us-east-1.amazonaws.com
this failsopenssl ocsp -issuer truststore.pem -cert cert.pem -text -url http://ocsp.acm-pca.us-east-1.amazonaws.com
this succeeds (SHA1 default)So far every OCSP request made to ACM built with anything but SHA1 encoding fails. Is this a bug?