On 08/07/2013 08:41 PM, Remy van Elst wrote:
Hello,

Is it possible to have the ocsp subsystem log the status part (good, unknown etc.) of the replies it sends out? I've got it configured correctly and the responses it gives are as expected. However, in transaction.log I can see that it replies, but not the status of the reply (and the certificate it replies to), and with debug logging turned on I have a multi-line ocsp response in a log file, and I don't feel like parsing that.

Is there a (preferably simple) way to let the ocsp responder log the certificate, the status of that certificate and the requesting entity (for example by IP) in a plain-text format?

If you are processing logs, the best log to process would have been the logs under <instance>/logs/signedAudit, where each log message is formulated systematically. However, since there is no requirement in Common Criteria to log the result of the OCSP responses, no such log messages exist. It can potentially be added in the code, however, so that they can be added by the administrator in the configuration.

If this is something that you are very interested in, I encourage you to file a feature request with some plausible reason on Dogtag so that it can be reviewed and considered for future release.

Christina


-- 
Remy van Elst
https://raymii.org - https://sparklingnetwork.nl