Hello,
Is it possible to have the ocsp
subsystem log the status part (good, unkown etc.) of the replies
it sents out? I've got it configured correctly and the responses
it gives are as expected. However in transaction.log I can see
that it replies, but not the status of the reply (and the
certificate it replies to), and with debug logging turned on I
have a multi-line ocsp response in a log file, and I don't feel
like parsing that.
Is there a (preferably simple)
way to let the ocsp responder log the certificate, the status of
that certificate and the requesting entity (for example by IP)
in a plain-text format?
If you are processing logs, the best log to process would have been
the logs under <instance>/logs/signedAudit, where each log
message is formulated systematically. However, since there is no
requirement in Common Criteria to log the result of the OCSP
responses, there is no such log messages existing. It can be
potentially added however, in the code, so that they can be added by
the administrator in the configuration.