Regarding the following website (We Issued Our First Six Day Cert ) it reads:
Our six-day certificates will not include OCSP or CRL URLs.
Further down to the first six-day cert (I am referring to the shown openssl x509 -text
output), in the "X509v3 extensions" section, we see:
Authority Information Access:
OCSP - URI:http://e6.o.lencr.org
CA Issuers - URI:http://e6.i.lencr.org/
So, isn't there an OCSP URL included in the cert whereas the text reads different?? Thank you for clarifying!
2 Likes
Osiris
March 11, 2025, 9:13pm
2
It's a work in progress, see e.g. a reply in a different thread from a Let's Encrypt staff member here:
That first six-day certificate does not fully resemble how the six-day certificates for you and me in the future will look like
6 Likes
That first six-day certificate does not fully resemble how the six-day certificates for you and me in the future will look like
This is what I imagined. It was just confusion on reading the page and then the properties of the certificate "contradicting" the text. Thanks for clarification!
3 Likes
Osiris
March 11, 2025, 9:17pm
4
Yeah I would also have liked that this nuance would have been included in the blog post, so it wouldn't be as confusing as it is now.
3 Likes