This small worker adds an OCSP verification option for mTLS client certificates. It can be attached to Cloudflare proxy endpoints protected by API Shield or Access mTLS with BYO CA.
- routes: replace it with your mTLS application URL
- vars:
  - `CA_CLIENT_ISSUER`: replace it with your client certificate issuer
  - `CA_OCSP_ROOT`: replace it with your OCSP responder's issuer
- Add OCSP validation response caching
- Document the option of forcing a specific OCSP validation URI