Contacting this ocsp (ocsp.eidpki.belgium.be) with its ip is not possible

30 views
Skip to first unread message

Aimé Kassa

unread,
May 13, 2025, 1:53:04 AMMay 13
to eID Middleware Dev
Hi all,
Any idea why we can call ocsp.eid.belgium.be using either its ip or the fqdn
But seems to be not possible for ocsp.eidpki.belgium.be ?
Regards,
Aimé

Wouter Verhelst

unread,
May 15, 2025, 7:17:21 AMMay 15
to Aimé Kassa, eID Middleware Dev

Hi Aimé,

 

Using the OCSP server by IP address is not actually something that is supposed to be supported. The URLs in the certificates contain the full hostnames, not the IP addresses; and if you hardcode IP addresses somewhere then if/when the maintainers of the service in question move the server to a different location, your OCSP resolution will stop working.

 

The two services are maintained by two different companies (Certipost for ocsp.eid.belgium.be, who won the first tender to maintain this infrastructure, Zetes for ocsp.eidpki.belgium.be who won the second tender), and so it’s not entirely unexpected that there might be some differences in some of the details related to some of these services; but that doesn’t mean it’s a good idea to do OCSP by IP.

 

Thanks for your understanding,

 

--
You received this message because you are subscribed to the Google Groups "eID Middleware Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to eid-middleware-...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/eid-middleware-dev/b680333d-d9cc-4f2f-ba49-747d3a94ca5fn%40googlegroups.com.

Aimé Kassa

unread,
May 15, 2025, 8:19:35 AMMay 15
to Wouter Verhelst, eID Middleware Dev

👍

Aimé Kassa a réagi depuis Gmail

Reply all
Reply to author
Forward
0 new messages