OCSP setup for Vault

ssl-certificate ocsp vault

OCSP responder are not handled by Vault. The best you can do is set the URL to some custom OCSP responder calling Vault on the client's behalf with the ocsp_servers parameter in the same API call:

vault write pki/config/urls \
        issuing_certificates="http://127.0.0.1:8200/v1/pki/ca" \
        crl_distribution_points="http://127.0.0.1:8200/v1/pki/crl" \
        ocsp_servers="http://127.0.0.1:8200/v1/pki/ocsp"

These URL are the URL that will be in the certificate. It must make sense for the client, not Vault. In other words, using 127.0.0.1 will never work elsewhere than on your laptop.

Also keep in mind that CRL and OCSP must be accessible over http, not https. In a production configuration, you will/should have Vault reachable over HTTPS only. You might have to put a reverse proxy in front of Vault to offer the CRL and OCSP endpoint.

vault write pki/config/urls \
   issuing_certificates="http://vault.example.com/v1/pki/ca" \
   crl_distribution_points="http://vault.example.com/v1/pki/crl" \
   ocsp_servers="http://vault.example.com/my-custom/ocsp-responder"

Related

Is it possible to grant a "read everything" role in AWS?
Differential Equation of orbit of a planet
Explain the Birthday Paradox
A line is drawn through the point $A(1,2)$ to cut the line $2y=3x-5$ in $P$ and the line $x+y=12$ in $Q$. If $AQ=2AP$, find $P$ and $Q$.
Number of edge disjoint Hamiltonian cycles in a complete graph with even number of vertices.
The system of genus characters determined by a binary quadratic form
Orthogonal matrix and orthonormal columns
Convergence of recurrence sequence
analytic functions defined on $A\cup D$
I have to find a splitting field of $x^{6}-3$ over $\mathbb{F}_{7}$
Distributional Laplacian of logarithm and the Dirac delta distribution
Proof of proposition 5.3.1 of Ravi Vakil's notes on algebraic geometry