ACM OCSP Request support for SHA256

0

Hello!

I have a working check on using OCSP request to ACM on a private cert authority using SHA1 via https://cryptography.io/en/3.4/x509/ocsp.html

When I switch to SHA256 instead of SHA1 though, I get errors from ACM. Does ACM OCSP support SHA256 or only SHA1? I can't find any supporting documentation that clarifies this.

1 Answer
0

Amazon ACM (AWS Certificate Manager) does support OCSP (Online Certificate Status Protocol) for certificate validation. Regarding the hash algorithm used, ACM supports SHA-256 for generating the digital signature in the OCSP response. https://docs.aws.amazon.com/acm/

EXPERT
answered a month ago
  • I have yet to see a request work with SHA256 OCSP request. Here is an openssl example:

    openssl ocsp -issuer truststore.pem -sha256 -cert cert.pem -text -url http://ocsp.acm-pca.us-east-1.amazonaws.com

    This fails.

    openssl ocsp -issuer truststore.pem -cert cert.pem -text -url http://ocsp.acm-pca.us-east-1.amazonaws.com

    This succeeds (SHA1 default).

    So far every OCSP request made to ACM built with anything but SHA1 encoding fails. Is this a bug?
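
The hash choice discussed in this thread applies to the CertID inside the OCSP request (the issuer name hash and issuer key hash the responder uses to look up the certificate), which is a separate thing from the signature algorithm on the response. As an added example, not part of the original posts, this Python sketch uses the cryptography library linked in the question to build the same request with SHA-1 and with SHA-256 and summarise what differs; the CA, the leaf certificate and all names are constructed throwaway values, and nothing here asserts what ACM accepts.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID


def make_cert(subject_cn, issuer_cn, public_key, signing_key, is_ca):
    """Constructed throwaway certificate (stands in for cert.pem / truststore.pem)."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name(subject_cn))
        .issuer_name(name(issuer_cn))
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(signing_key, hashes.SHA256())
    )


def build_requests():
    """Return (ca, leaf, {hash name: OCSPRequest}) for SHA-1 and SHA-256 CertIDs."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    leaf_key = ec.generate_private_key(ec.SECP256R1())
    ca = make_cert("Example Private CA", "Example Private CA", ca_key.public_key(), ca_key, True)
    leaf = make_cert("leaf.example.test", "Example Private CA", leaf_key.public_key(), ca_key, False)
    reqs = {}
    for algo in (hashes.SHA1(), hashes.SHA256()):
        reqs[algo.name] = ocsp.OCSPRequestBuilder().add_certificate(leaf, ca, algo).build()
    return ca, leaf, reqs


def describe(req):
    """Summarise the CertID fields an OCSP responder uses to look up the certificate."""
    return {
        "certid_hash": req.hash_algorithm.name,
        "issuer_name_hash_len": len(req.issuer_name_hash),
        "issuer_key_hash_len": len(req.issuer_key_hash),
        "serial": req.serial_number,
        "der_len": len(req.public_bytes(serialization.Encoding.DER)),
    }


if __name__ == "__main__":
    for label, req in build_requests()[2].items():
        print(label, describe(req))
```

The serial number is identical in both requests; only the CertID hash algorithm and the two issuer hashes change, so a responder has to be able to match the issuer under the hash the client chose.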
