[openssl-users] OCSP: ocsp.omniroot.com/baltimore/... - what is it exactly?
Tomasz Chmielewski
tch at virtall.com
Thu Apr 30 17:44:30 UTC 2015
This might not be very relevant to OpenSSL, but I'm not sure if there is
any better list for this question...
My webserver is getting flooded with queries like:
ocsp.omniroot.com 124.205.254.7 - - [30/Apr/2015:19:24:30 +0200] "GET
/baltimoreroot/MEowSKADAgEAMEEwPzA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib%2BdgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEByekag%3D%3D
HTTP/1.1" 301 184 "-" "ocspd/1.0.3"
ocsp.omniroot.com 222.161.249.75 - - [30/Apr/2015:19:24:33 +0200] "GET
/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACBAcnqkc%3D
HTTP/1.1" 301 184 "-" "Microsoft-CryptoAPI/6.1"
If I understand it right, because the query was sent to my server
(China's Great Firewall DNS poisoning at works), and not to "original"
ocsp.omniroot.com, somebody's browser or device was not able to verify
if the certificate is still valid or not - am I correct here?
Is it possible to say what "Common name / fqdn / certificate" is queried
in such requests?
Tomasz Chmielewski
More information about the openssl-users
mailing list