"TLS certificate...could not be definitively verified via OCSP" with Google certs

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 2.20.2, 2.21.3
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • Fully Compatible
    • Ruby Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      With the change from "Let's Encrypt" to Google certs, some Ruby customers are reportedly seeing the following warning in their application logs:

      MONGODB | TLS certificate of '{server_url}' could not be definitively verified via OCSP: For responders '{cert_issuer_url}' with a timeout of 9.925218007003423 seconds: OCSP response from '{cert_issuer_url}' is 6: unauthorized

      (For one example, see https://github.com/mongodb/mongo-ruby-driver/discussions/2940)

      There is a chance this is due to some non-compliance with the OCSP spec in the Ruby driver. We need to investigate to (1) determine if that is the case, and if so, (2) fix it.

            Assignee:
            Jamis Buck
            Reporter:
            Jamis Buck
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: