NemID melder problemer med OCSP-tjenesten, hvilket kan give certifikat valideringsfejl ved forsendelse.
https://www.digitaliser.dk/news/6919256
Med venlig hilsenNemhandel Teamet
NemID has reported earlier today that the OCSP-service issue is resolved:
Best regardsNemhandel Team
Hello Andreas
What do you think, can we switch to CRL certificate revocation validation meanwhile? We have a lot of pending orders to deliver via Nemhandel because of this issue...
Kind regards,
Dmitriy Lapko
Mercell A/S
Hi Dmitriy In Sproom we've been using CRL revocation check for years - and we have not seen any problems recently. So, my guess is that this could be a workaround for you, that will maybe even give more stability and higher throughput in the longer run as well. Of course it might be that CRL is also unstable right now, and we just didn't notice, because we already have the cached list. Best regards Kasper
Hello Kasper
Thank you very much for your input! Very useful to know!
Looks like all our orders are delivered now - so "ustabil" does not mean it does not work at all like previous time, but just some requests fail, so next attempt to resend can succeed.
I remember that we switched to OCSP when CRL became quite big and also more than one intermediate CA was introduced (so separate Certificate Refocation Lists appeared), but good to know that it is still usable.
Best regards,
Dmitriy