Loading…
Tilbage

[LØST] OCSP-tjenesten er ustabil


19-05-2022 10:47:40

NemID melder problemer med OCSP-tjenesten, hvilket kan give certifikat valideringsfejl ved forsendelse.

https://www.digitaliser.dk/news/6919256

Med venlig hilsen
Nemhandel Teamet

Profilbillede

[LØST] OCSP-tjenesten er ustabil

Andreas Jakobsen

NemID has reported earlier today that the OCSP-service issue is resolved:

https://www.digitaliser.dk/news/6919256

Best regards
Nemhandel Team

Profilbillede

What if we switch to CRL?

Dmitriy Lapko

Hello Andreas

 

What do you think, can we switch to CRL certificate revocation validation meanwhile? We have a lot of pending orders to deliver via Nemhandel because of this issue...

 

Kind regards, 

Dmitriy Lapko

Mercell A/S

Hi Dmitriy

In Sproom we've been using CRL revocation check for years - and we have not seen any problems recently. So, my guess is that this could be a workaround for you, that will maybe even give more stability and higher throughput in the longer run as well.

Of course it might be that CRL is also unstable right now, and we just didn't notice, because we already have the cached list.

Best regards

Kasper

Hello Kasper

Thank you very much for your input! Very useful to know! 

Looks like all our orders are delivered  now - so "ustabil" does not mean it does not work at all like previous time, but just some requests fail, so next attempt to resend can succeed. 

I remember that we switched to OCSP when CRL became quite big and also more than one intermediate CA was introduced (so separate Certificate Refocation Lists appeared), but good to know that it is still usable.

Best regards,

Dmitriy