Can’t get OCSP stapling to work, despite openssl working fine

Guide to OCSP Stapling - Thawte.

Revocation list

Kerberos (protocol)

OCSP Stapling

Online Certificate Status Protocol

Revocation doesn’t work - from March 2011.

No, don’t enable revocation checking - from April 2014

X.509v3 Extension: OCSP Stapling Required

Public Key Pinning Extension for HTTP - this is known as HPKP. Chrome does this and has pre-loaded pins.

Certificate Transparency


How Certificate Revocation Works

Securing SSL Certificate Verification through Dynamic Linking

Feisty Duck

Creating self signed certificates with makecert.exe for development

Example Servers - SChannel Echo Server

TLS with Schannel

C++ SSPI Schannel TLS example

How Log Proofs Work - Merkle hash trees and proving entries are in logs.

Merkle Signature Schemes, Merkle Trees and Their Cryptanalysis

Books I want to get

Bulletproof SSL and TLS by Ivan Ristic. For some reason this is super-expensive from Amazon; it is cheaper to get it direct from Feisty Duck.

SSL and TLS: Designing and Building Secure Systems by Eric Rescorla. Old but still good.

Implementing SSL / TLS Using Cryptography and PKI by Joshua Davies.

Network Security with OpenSSL by John Viega.

Secure Programming Cookbook for C and C++ by John Viega.

Cryptography Engineering: Design Principles and Practical Applications by Niels Ferguson, Bruce Schneier, Tadayoshi Kohno.

Introduction to Modern Cryptography, Second Edition by Jonathan Katz, Yehuda Lindell.