动态更新OCSP

2025-11-04 05:00:24 +08:00 · 2022-03-18 17:04:53 +08:00
parent 573f1fe22f
commit 5fd12b809a
5 changed files with 481 additions and 122 deletions
--- a/pkg/nodeconfigs/node_config.go
+++ b/pkg/nodeconfigs/node_config.go
@@ -27,21 +27,24 @@ func NewServerError(serverId int64, message string) *ServerError {

 // NodeConfig 边缘节点配置
 type NodeConfig struct {
-	Id                     int64                         `yaml:"id" json:"id"`
-	NodeId                 string                        `yaml:"nodeId" json:"nodeId"`
-	Secret                 string                        `yaml:"secret" json:"secret"`
-	IsOn                   bool                          `yaml:"isOn" json:"isOn"`
-	Servers                []*serverconfigs.ServerConfig `yaml:"servers" json:"servers"`
-	SupportCNAME           bool                          `yaml:"supportCNAME" json:"supportCNAME"`
-	Version                int64                         `yaml:"version" json:"version"`
-	Name                   string                        `yaml:"name" json:"name"`
-	MaxCPU                 int32                         `yaml:"maxCPU" json:"maxCPU"`
-	RegionId               int64                         `yaml:"regionId" json:"regionId"`
-	CacheDiskDir           string                        `yaml:"cacheDiskDir" json:"cacheDiskDir"`                     // 文件缓存目录
-	MaxCacheDiskCapacity   *shared.SizeCapacity          `yaml:"maxCacheDiskCapacity" json:"maxCacheDiskCapacity"`     // 文件缓存容量
-	MaxCacheMemoryCapacity *shared.SizeCapacity          `yaml:"maxCacheMemoryCapacity" json:"maxCacheMemoryCapacity"` // 内容缓存容量
-	MaxThreads             int                           `yaml:"maxThreads" json:"maxThreads"`
-	TCPMaxConnections      int                           `yaml:"tcpMaxConnections" json:"tcpMaxConnections"`
+	Id           int64                         `yaml:"id" json:"id"`
+	NodeId       string                        `yaml:"nodeId" json:"nodeId"`
+	Secret       string                        `yaml:"secret" json:"secret"`
+	IsOn         bool                          `yaml:"isOn" json:"isOn"`
+	Servers      []*serverconfigs.ServerConfig `yaml:"servers" json:"servers"`
+	SupportCNAME bool                          `yaml:"supportCNAME" json:"supportCNAME"`
+	Version      int64                         `yaml:"version" json:"version"`
+	Name         string                        `yaml:"name" json:"name"`
+	RegionId     int64                         `yaml:"regionId" json:"regionId"`
+	OCSPVersion  int64                         `yaml:"ocspVersion" json:"ocspVersion"`
+
+	// 性能
+	MaxCPU                 int32                `yaml:"maxCPU" json:"maxCPU"`
+	CacheDiskDir           string               `yaml:"cacheDiskDir" json:"cacheDiskDir"`                     // 文件缓存目录
+	MaxCacheDiskCapacity   *shared.SizeCapacity `yaml:"maxCacheDiskCapacity" json:"maxCacheDiskCapacity"`     // 文件缓存容量
+	MaxCacheMemoryCapacity *shared.SizeCapacity `yaml:"maxCacheMemoryCapacity" json:"maxCacheMemoryCapacity"` // 内容缓存容量
+	MaxThreads             int                  `yaml:"maxThreads" json:"maxThreads"`
+	TCPMaxConnections      int                  `yaml:"tcpMaxConnections" json:"tcpMaxConnections"`

 	// 全局配置
 	GlobalConfig  *serverconfigs.GlobalConfig `yaml:"globalConfig" json:"globalConfig"` // 全局配置
@@ -56,9 +59,11 @@ type NodeConfig struct {
 	TimeZone             string                                  `yaml:"timeZone" json:"timeZone"`
 	AutoOpenPorts        bool                                    `yaml:"autoOpenPorts" json:"autoOpenPorts"`

+	// 指标
 	MetricItems []*serverconfigs.MetricItemConfig `yaml:"metricItems" json:"metricItems"`

-	AllowedIPs []string `yaml:"allowedIPs" json:"allowedIPs"` // 自动白名单
+	// 自动白名单
+	AllowedIPs []string `yaml:"allowedIPs" json:"allowedIPs"`

 	paddedId string

@@ -421,3 +426,26 @@ func (this *NodeConfig) IPIsAutoAllowed(ip string) bool {
 func (this *NodeConfig) SYNFloodConfig() *firewallconfigs.SYNFloodConfig {
 	return this.synFlood
 }
+
+// UpdateCertOCSP 修改证书OCSP
+func (this *NodeConfig) UpdateCertOCSP(certId int64, ocsp []byte) {
+	shared.Locker.Lock()
+	defer shared.Locker.Unlock()
+
+	var servers = this.Servers
+	for _, server := range servers {
+		if server.HTTPS != nil &&
+			server.HTTPS.SSLPolicy != nil &&
+			server.HTTPS.SSLPolicy.OCSPIsOn &&
+			server.HTTPS.SSLPolicy.ContainsCert(certId) {
+			server.HTTPS.SSLPolicy.UpdateCertOCSP(certId, ocsp)
+		}
+
+		if server.TLS != nil &&
+			server.TLS.SSLPolicy != nil &&
+			server.TLS.SSLPolicy.OCSPIsOn &&
+			server.TLS.SSLPolicy.ContainsCert(certId) {
+			server.TLS.SSLPolicy.UpdateCertOCSP(certId, ocsp)
+		}
+	}
+}
--- a/pkg/rpc/pb/service_ssl_cert.pb.go
+++ b/pkg/rpc/pb/service_ssl_cert.pb.go
@@ -1016,6 +1016,172 @@ func (*ResetAllSSLCertsWithOCSPErrorRequest) Descriptor() ([]byte, []int) {
 	return file_service_ssl_cert_proto_rawDescGZIP(), []int{14}
 }

+// 读取证书的OCSP
+type ListUpdatedSSLCertOCSPRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Version int64 `protobuf:"varint,1,opt,name=version,proto3" json:"version,omitempty"`
+	Size    int32 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"`
+}
+
+func (x *ListUpdatedSSLCertOCSPRequest) Reset() {
+	*x = ListUpdatedSSLCertOCSPRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_ssl_cert_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListUpdatedSSLCertOCSPRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListUpdatedSSLCertOCSPRequest) ProtoMessage() {}
+
+func (x *ListUpdatedSSLCertOCSPRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_ssl_cert_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListUpdatedSSLCertOCSPRequest.ProtoReflect.Descriptor instead.
+func (*ListUpdatedSSLCertOCSPRequest) Descriptor() ([]byte, []int) {
+	return file_service_ssl_cert_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *ListUpdatedSSLCertOCSPRequest) GetVersion() int64 {
+	if x != nil {
+		return x.Version
+	}
+	return 0
+}
+
+func (x *ListUpdatedSSLCertOCSPRequest) GetSize() int32 {
+	if x != nil {
+		return x.Size
+	}
+	return 0
+}
+
+type ListUpdatedSSLCertOCSPResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	SslCertOCSP []*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP `protobuf:"bytes,1,rep,name=sslCertOCSP,proto3" json:"sslCertOCSP,omitempty"`
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse) Reset() {
+	*x = ListUpdatedSSLCertOCSPResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_ssl_cert_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListUpdatedSSLCertOCSPResponse) ProtoMessage() {}
+
+func (x *ListUpdatedSSLCertOCSPResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_ssl_cert_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListUpdatedSSLCertOCSPResponse.ProtoReflect.Descriptor instead.
+func (*ListUpdatedSSLCertOCSPResponse) Descriptor() ([]byte, []int) {
+	return file_service_ssl_cert_proto_rawDescGZIP(), []int{16}
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse) GetSslCertOCSP() []*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP {
+	if x != nil {
+		return x.SslCertOCSP
+	}
+	return nil
+}
+
+type ListUpdatedSSLCertOCSPResponse_SSLCertOCSP struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	SslCertId int64  `protobuf:"varint,1,opt,name=sslCertId,proto3" json:"sslCertId,omitempty"`
+	Ocsp      []byte `protobuf:"bytes,2,opt,name=ocsp,proto3" json:"ocsp,omitempty"`
+	Version   int64  `protobuf:"varint,3,opt,name=version,proto3" json:"version,omitempty"`
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) Reset() {
+	*x = ListUpdatedSSLCertOCSPResponse_SSLCertOCSP{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_ssl_cert_proto_msgTypes[17]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) ProtoMessage() {}
+
+func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) ProtoReflect() protoreflect.Message {
+	mi := &file_service_ssl_cert_proto_msgTypes[17]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListUpdatedSSLCertOCSPResponse_SSLCertOCSP.ProtoReflect.Descriptor instead.
+func (*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) Descriptor() ([]byte, []int) {
+	return file_service_ssl_cert_proto_rawDescGZIP(), []int{16, 0}
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetSslCertId() int64 {
+	if x != nil {
+		return x.SslCertId
+	}
+	return 0
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetOcsp() []byte {
+	if x != nil {
+		return x.Ocsp
+	}
+	return nil
+}
+
+func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetVersion() int64 {
+	if x != nil {
+		return x.Version
+	}
+	return 0
+}
+
 var File_service_ssl_cert_proto protoreflect.FileDescriptor

 var file_service_ssl_cert_proto_rawDesc = []byte{
@@ -1140,63 +1306,87 @@ var file_service_ssl_cert_proto_rawDesc = []byte{
 	0x03, 0x52, 0x0a, 0x73, 0x73, 0x6c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x73, 0x22, 0x26, 0x0a,
 	0x24, 0x52, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
 	0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x32, 0x88, 0x07, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
-	0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
-	0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39,
-	0x0a, 0x0d, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12,
-	0x18, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65,
-	0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52,
-	0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x39, 0x0a, 0x0d, 0x64, 0x65, 0x6c,
-	0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e,
-	0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x12, 0x65, 0x0a, 0x18, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x12, 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0d, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70,
-	0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6c,
-	0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62,
-	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53,
-	0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f,
-	0x0a, 0x1d, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
-	0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12,
-	0x28, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c,
-	0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72,
-	0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52,
-	0x50, 0x43, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
-	0x68, 0x0a, 0x19, 0x6c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57,
-	0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x24, 0x2e, 0x70,
-	0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x4d, 0x0a, 0x1d, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
+	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04,
+	0x73, 0x69, 0x7a, 0x65, 0x22, 0xcd, 0x01, 0x0a, 0x1e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x73, 0x73, 0x6c, 0x43, 0x65,
+	0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x70,
+	0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c,
+	0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x2e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x0b, 0x73, 0x73,
+	0x6c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x1a, 0x59, 0x0a, 0x0b, 0x53, 0x53, 0x4c,
+	0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x73, 0x6c, 0x43,
+	0x65, 0x72, 0x74, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x73, 0x73, 0x6c,
+	0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x32, 0xe9, 0x07, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
+	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x53,
+	0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a,
+	0x0d, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18,
+	0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50,
+	0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x39, 0x0a, 0x0d, 0x64, 0x65, 0x6c, 0x65,
+	0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44,
+	0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x12, 0x65, 0x0a, 0x18, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c,
+	0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x23, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
+	0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0d, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62,
+	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43, 0x6f, 0x75,
+	0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6c, 0x69,
+	0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e,
+	0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c,
+	0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a,
+	0x1d, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
+	0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28,
+	0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43,
 	0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f,
-	0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x69, 0x67, 0x6e,
+	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50,
+	0x43, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x68,
+	0x0a, 0x19, 0x6c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69,
+	0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x24, 0x2e, 0x70, 0x62,
+	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74,
+	0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65,
+	0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x69, 0x67, 0x6e, 0x6f,
+	0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43,
+	0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x49, 0x67, 0x6e,
 	0x6f, 0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f,
-	0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x49, 0x67,
-	0x6e, 0x6f, 0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68,
-	0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x12, 0x53, 0x0a, 0x1a, 0x72, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
-	0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x25,
-	0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
-	0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x59, 0x0a, 0x1d, 0x72, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c,
-	0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53,
-	0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65,
-	0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68,
-	0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12,
+	0x53, 0x0a, 0x1a, 0x72, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73,
+	0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x25, 0x2e,
+	0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73,
+	0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63,
+	0x63, 0x65, 0x73, 0x73, 0x12, 0x59, 0x0a, 0x1d, 0x72, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, 0x6c,
+	0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50,
+	0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74,
+	0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f,
+	0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12,
+	0x5f, 0x0a, 0x16, 0x6c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53,
+	0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x4c,
+	0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
+	0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70,
+	0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c,
+	0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
 	0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

@@ -1212,56 +1402,62 @@ func file_service_ssl_cert_proto_rawDescGZIP() []byte {
 	return file_service_ssl_cert_proto_rawDescData
 }

-var file_service_ssl_cert_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
+var file_service_ssl_cert_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
 var file_service_ssl_cert_proto_goTypes = []interface{}{
-	(*CreateSSLCertRequest)(nil),                 // 0: pb.CreateSSLCertRequest
-	(*CreateSSLCertResponse)(nil),                // 1: pb.CreateSSLCertResponse
-	(*UpdateSSLCertRequest)(nil),                 // 2: pb.UpdateSSLCertRequest
-	(*FindEnabledSSLCertConfigRequest)(nil),      // 3: pb.FindEnabledSSLCertConfigRequest
-	(*FindEnabledSSLCertConfigResponse)(nil),     // 4: pb.FindEnabledSSLCertConfigResponse
-	(*DeleteSSLCertRequest)(nil),                 // 5: pb.DeleteSSLCertRequest
-	(*CountSSLCertRequest)(nil),                  // 6: pb.CountSSLCertRequest
-	(*ListSSLCertsRequest)(nil),                  // 7: pb.ListSSLCertsRequest
-	(*ListSSLCertsResponse)(nil),                 // 8: pb.ListSSLCertsResponse
-	(*CountAllSSLCertsWithOCSPErrorRequest)(nil), // 9: pb.CountAllSSLCertsWithOCSPErrorRequest
-	(*ListSSLCertsWithOCSPErrorRequest)(nil),     // 10: pb.ListSSLCertsWithOCSPErrorRequest
-	(*ListSSLCertsWithOCSPErrorResponse)(nil),    // 11: pb.ListSSLCertsWithOCSPErrorResponse
-	(*IgnoreSSLCertsWithOCSPErrorRequest)(nil),   // 12: pb.IgnoreSSLCertsWithOCSPErrorRequest
-	(*ResetSSLCertsWithOCSPErrorRequest)(nil),    // 13: pb.ResetSSLCertsWithOCSPErrorRequest
-	(*ResetAllSSLCertsWithOCSPErrorRequest)(nil), // 14: pb.ResetAllSSLCertsWithOCSPErrorRequest
-	(*SSLCert)(nil),                              // 15: pb.SSLCert
-	(*RPCSuccess)(nil),                           // 16: pb.RPCSuccess
-	(*RPCCountResponse)(nil),                     // 17: pb.RPCCountResponse
+	(*CreateSSLCertRequest)(nil),                       // 0: pb.CreateSSLCertRequest
+	(*CreateSSLCertResponse)(nil),                      // 1: pb.CreateSSLCertResponse
+	(*UpdateSSLCertRequest)(nil),                       // 2: pb.UpdateSSLCertRequest
+	(*FindEnabledSSLCertConfigRequest)(nil),            // 3: pb.FindEnabledSSLCertConfigRequest
+	(*FindEnabledSSLCertConfigResponse)(nil),           // 4: pb.FindEnabledSSLCertConfigResponse
+	(*DeleteSSLCertRequest)(nil),                       // 5: pb.DeleteSSLCertRequest
+	(*CountSSLCertRequest)(nil),                        // 6: pb.CountSSLCertRequest
+	(*ListSSLCertsRequest)(nil),                        // 7: pb.ListSSLCertsRequest
+	(*ListSSLCertsResponse)(nil),                       // 8: pb.ListSSLCertsResponse
+	(*CountAllSSLCertsWithOCSPErrorRequest)(nil),       // 9: pb.CountAllSSLCertsWithOCSPErrorRequest
+	(*ListSSLCertsWithOCSPErrorRequest)(nil),           // 10: pb.ListSSLCertsWithOCSPErrorRequest
+	(*ListSSLCertsWithOCSPErrorResponse)(nil),          // 11: pb.ListSSLCertsWithOCSPErrorResponse
+	(*IgnoreSSLCertsWithOCSPErrorRequest)(nil),         // 12: pb.IgnoreSSLCertsWithOCSPErrorRequest
+	(*ResetSSLCertsWithOCSPErrorRequest)(nil),          // 13: pb.ResetSSLCertsWithOCSPErrorRequest
+	(*ResetAllSSLCertsWithOCSPErrorRequest)(nil),       // 14: pb.ResetAllSSLCertsWithOCSPErrorRequest
+	(*ListUpdatedSSLCertOCSPRequest)(nil),              // 15: pb.ListUpdatedSSLCertOCSPRequest
+	(*ListUpdatedSSLCertOCSPResponse)(nil),             // 16: pb.ListUpdatedSSLCertOCSPResponse
+	(*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP)(nil), // 17: pb.ListUpdatedSSLCertOCSPResponse.SSLCertOCSP
+	(*SSLCert)(nil),                                    // 18: pb.SSLCert
+	(*RPCSuccess)(nil),                                 // 19: pb.RPCSuccess
+	(*RPCCountResponse)(nil),                           // 20: pb.RPCCountResponse
 }
 var file_service_ssl_cert_proto_depIdxs = []int32{
-	15, // 0: pb.ListSSLCertsWithOCSPErrorResponse.sslCerts:type_name -> pb.SSLCert
-	0,  // 1: pb.SSLCertService.createSSLCert:input_type -> pb.CreateSSLCertRequest
-	2,  // 2: pb.SSLCertService.updateSSLCert:input_type -> pb.UpdateSSLCertRequest
-	5,  // 3: pb.SSLCertService.deleteSSLCert:input_type -> pb.DeleteSSLCertRequest
-	3,  // 4: pb.SSLCertService.findEnabledSSLCertConfig:input_type -> pb.FindEnabledSSLCertConfigRequest
-	6,  // 5: pb.SSLCertService.countSSLCerts:input_type -> pb.CountSSLCertRequest
-	7,  // 6: pb.SSLCertService.listSSLCerts:input_type -> pb.ListSSLCertsRequest
-	9,  // 7: pb.SSLCertService.countAllSSLCertsWithOCSPError:input_type -> pb.CountAllSSLCertsWithOCSPErrorRequest
-	10, // 8: pb.SSLCertService.listSSLCertsWithOCSPError:input_type -> pb.ListSSLCertsWithOCSPErrorRequest
-	12, // 9: pb.SSLCertService.ignoreSSLCertsWithOCSPError:input_type -> pb.IgnoreSSLCertsWithOCSPErrorRequest
-	13, // 10: pb.SSLCertService.resetSSLCertsWithOCSPError:input_type -> pb.ResetSSLCertsWithOCSPErrorRequest
-	14, // 11: pb.SSLCertService.resetAllSSLCertsWithOCSPError:input_type -> pb.ResetAllSSLCertsWithOCSPErrorRequest
-	1,  // 12: pb.SSLCertService.createSSLCert:output_type -> pb.CreateSSLCertResponse
-	16, // 13: pb.SSLCertService.updateSSLCert:output_type -> pb.RPCSuccess
-	16, // 14: pb.SSLCertService.deleteSSLCert:output_type -> pb.RPCSuccess
-	4,  // 15: pb.SSLCertService.findEnabledSSLCertConfig:output_type -> pb.FindEnabledSSLCertConfigResponse
-	17, // 16: pb.SSLCertService.countSSLCerts:output_type -> pb.RPCCountResponse
-	8,  // 17: pb.SSLCertService.listSSLCerts:output_type -> pb.ListSSLCertsResponse
-	17, // 18: pb.SSLCertService.countAllSSLCertsWithOCSPError:output_type -> pb.RPCCountResponse
-	11, // 19: pb.SSLCertService.listSSLCertsWithOCSPError:output_type -> pb.ListSSLCertsWithOCSPErrorResponse
-	16, // 20: pb.SSLCertService.ignoreSSLCertsWithOCSPError:output_type -> pb.RPCSuccess
-	16, // 21: pb.SSLCertService.resetSSLCertsWithOCSPError:output_type -> pb.RPCSuccess
-	16, // 22: pb.SSLCertService.resetAllSSLCertsWithOCSPError:output_type -> pb.RPCSuccess
-	12, // [12:23] is the sub-list for method output_type
-	1,  // [1:12] is the sub-list for method input_type
-	1,  // [1:1] is the sub-list for extension type_name
-	1,  // [1:1] is the sub-list for extension extendee
-	0,  // [0:1] is the sub-list for field type_name
+	18, // 0: pb.ListSSLCertsWithOCSPErrorResponse.sslCerts:type_name -> pb.SSLCert
+	17, // 1: pb.ListUpdatedSSLCertOCSPResponse.sslCertOCSP:type_name -> pb.ListUpdatedSSLCertOCSPResponse.SSLCertOCSP
+	0,  // 2: pb.SSLCertService.createSSLCert:input_type -> pb.CreateSSLCertRequest
+	2,  // 3: pb.SSLCertService.updateSSLCert:input_type -> pb.UpdateSSLCertRequest
+	5,  // 4: pb.SSLCertService.deleteSSLCert:input_type -> pb.DeleteSSLCertRequest
+	3,  // 5: pb.SSLCertService.findEnabledSSLCertConfig:input_type -> pb.FindEnabledSSLCertConfigRequest
+	6,  // 6: pb.SSLCertService.countSSLCerts:input_type -> pb.CountSSLCertRequest
+	7,  // 7: pb.SSLCertService.listSSLCerts:input_type -> pb.ListSSLCertsRequest
+	9,  // 8: pb.SSLCertService.countAllSSLCertsWithOCSPError:input_type -> pb.CountAllSSLCertsWithOCSPErrorRequest
+	10, // 9: pb.SSLCertService.listSSLCertsWithOCSPError:input_type -> pb.ListSSLCertsWithOCSPErrorRequest
+	12, // 10: pb.SSLCertService.ignoreSSLCertsWithOCSPError:input_type -> pb.IgnoreSSLCertsWithOCSPErrorRequest
+	13, // 11: pb.SSLCertService.resetSSLCertsWithOCSPError:input_type -> pb.ResetSSLCertsWithOCSPErrorRequest
+	14, // 12: pb.SSLCertService.resetAllSSLCertsWithOCSPError:input_type -> pb.ResetAllSSLCertsWithOCSPErrorRequest
+	15, // 13: pb.SSLCertService.listUpdatedSSLCertOCSP:input_type -> pb.ListUpdatedSSLCertOCSPRequest
+	1,  // 14: pb.SSLCertService.createSSLCert:output_type -> pb.CreateSSLCertResponse
+	19, // 15: pb.SSLCertService.updateSSLCert:output_type -> pb.RPCSuccess
+	19, // 16: pb.SSLCertService.deleteSSLCert:output_type -> pb.RPCSuccess
+	4,  // 17: pb.SSLCertService.findEnabledSSLCertConfig:output_type -> pb.FindEnabledSSLCertConfigResponse
+	20, // 18: pb.SSLCertService.countSSLCerts:output_type -> pb.RPCCountResponse
+	8,  // 19: pb.SSLCertService.listSSLCerts:output_type -> pb.ListSSLCertsResponse
+	20, // 20: pb.SSLCertService.countAllSSLCertsWithOCSPError:output_type -> pb.RPCCountResponse
+	11, // 21: pb.SSLCertService.listSSLCertsWithOCSPError:output_type -> pb.ListSSLCertsWithOCSPErrorResponse
+	19, // 22: pb.SSLCertService.ignoreSSLCertsWithOCSPError:output_type -> pb.RPCSuccess
+	19, // 23: pb.SSLCertService.resetSSLCertsWithOCSPError:output_type -> pb.RPCSuccess
+	19, // 24: pb.SSLCertService.resetAllSSLCertsWithOCSPError:output_type -> pb.RPCSuccess
+	16, // 25: pb.SSLCertService.listUpdatedSSLCertOCSP:output_type -> pb.ListUpdatedSSLCertOCSPResponse
+	14, // [14:26] is the sub-list for method output_type
+	2,  // [2:14] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
 }

 func init() { file_service_ssl_cert_proto_init() }
@@ -1452,6 +1648,42 @@ func file_service_ssl_cert_proto_init() {
 				return nil
 			}
 		}
+		file_service_ssl_cert_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ListUpdatedSSLCertOCSPRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_ssl_cert_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ListUpdatedSSLCertOCSPResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_ssl_cert_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ListUpdatedSSLCertOCSPResponse_SSLCertOCSP); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -1459,7 +1691,7 @@ func file_service_ssl_cert_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_service_ssl_cert_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   15,
+			NumMessages:   18,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
@@ -1507,6 +1739,8 @@ type SSLCertServiceClient interface {
 	ResetSSLCertsWithOCSPError(ctx context.Context, in *ResetSSLCertsWithOCSPErrorRequest, opts ...grpc.CallOption) (*RPCSuccess, error)
 	// 重置所有证书OCSP错误状态
 	ResetAllSSLCertsWithOCSPError(ctx context.Context, in *ResetAllSSLCertsWithOCSPErrorRequest, opts ...grpc.CallOption) (*RPCSuccess, error)
+	// 读取证书的OCSP
+	ListUpdatedSSLCertOCSP(ctx context.Context, in *ListUpdatedSSLCertOCSPRequest, opts ...grpc.CallOption) (*ListUpdatedSSLCertOCSPResponse, error)
 }

 type sSLCertServiceClient struct {
@@ -1616,6 +1850,15 @@ func (c *sSLCertServiceClient) ResetAllSSLCertsWithOCSPError(ctx context.Context
 	return out, nil
 }

+func (c *sSLCertServiceClient) ListUpdatedSSLCertOCSP(ctx context.Context, in *ListUpdatedSSLCertOCSPRequest, opts ...grpc.CallOption) (*ListUpdatedSSLCertOCSPResponse, error) {
+	out := new(ListUpdatedSSLCertOCSPResponse)
+	err := c.cc.Invoke(ctx, "/pb.SSLCertService/listUpdatedSSLCertOCSP", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // SSLCertServiceServer is the server API for SSLCertService service.
 type SSLCertServiceServer interface {
 	// 创建Cert
@@ -1640,6 +1883,8 @@ type SSLCertServiceServer interface {
 	ResetSSLCertsWithOCSPError(context.Context, *ResetSSLCertsWithOCSPErrorRequest) (*RPCSuccess, error)
 	// 重置所有证书OCSP错误状态
 	ResetAllSSLCertsWithOCSPError(context.Context, *ResetAllSSLCertsWithOCSPErrorRequest) (*RPCSuccess, error)
+	// 读取证书的OCSP
+	ListUpdatedSSLCertOCSP(context.Context, *ListUpdatedSSLCertOCSPRequest) (*ListUpdatedSSLCertOCSPResponse, error)
 }

 // UnimplementedSSLCertServiceServer can be embedded to have forward compatible implementations.
@@ -1679,6 +1924,9 @@ func (*UnimplementedSSLCertServiceServer) ResetSSLCertsWithOCSPError(context.Con
 func (*UnimplementedSSLCertServiceServer) ResetAllSSLCertsWithOCSPError(context.Context, *ResetAllSSLCertsWithOCSPErrorRequest) (*RPCSuccess, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResetAllSSLCertsWithOCSPError not implemented")
 }
+func (*UnimplementedSSLCertServiceServer) ListUpdatedSSLCertOCSP(context.Context, *ListUpdatedSSLCertOCSPRequest) (*ListUpdatedSSLCertOCSPResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListUpdatedSSLCertOCSP not implemented")
+}

 func RegisterSSLCertServiceServer(s *grpc.Server, srv SSLCertServiceServer) {
 	s.RegisterService(&_SSLCertService_serviceDesc, srv)
@@ -1882,6 +2130,24 @@ func _SSLCertService_ResetAllSSLCertsWithOCSPError_Handler(srv interface{}, ctx
 	return interceptor(ctx, in, info, handler)
 }

+func _SSLCertService_ListUpdatedSSLCertOCSP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListUpdatedSSLCertOCSPRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SSLCertServiceServer).ListUpdatedSSLCertOCSP(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.SSLCertService/ListUpdatedSSLCertOCSP",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SSLCertServiceServer).ListUpdatedSSLCertOCSP(ctx, req.(*ListUpdatedSSLCertOCSPRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _SSLCertService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "pb.SSLCertService",
 	HandlerType: (*SSLCertServiceServer)(nil),
@@ -1930,6 +2196,10 @@ var _SSLCertService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "resetAllSSLCertsWithOCSPError",
 			Handler:    _SSLCertService_ResetAllSSLCertsWithOCSPError_Handler,
 		},
+		{
+			MethodName: "listUpdatedSSLCertOCSP",
+			Handler:    _SSLCertService_ListUpdatedSSLCertOCSP_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "service_ssl_cert.proto",
--- a/pkg/rpc/protos/service_ssl_cert.proto
+++ b/pkg/rpc/protos/service_ssl_cert.proto
@@ -39,6 +39,9 @@ service SSLCertService {

 	// 重置所有证书OCSP错误状态
 	rpc resetAllSSLCertsWithOCSPError (ResetAllSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
+
+	// 读取证书的OCSP
+	rpc listUpdatedSSLCertOCSP(ListUpdatedSSLCertOCSPRequest) returns (ListUpdatedSSLCertOCSPResponse);
 }

 // 创建Cert
@@ -145,4 +148,20 @@ message ResetSSLCertsWithOCSPErrorRequest {
 // 重置所有证书OCSP错误状态
 message ResetAllSSLCertsWithOCSPErrorRequest {

+}
+
+// 读取证书的OCSP
+message ListUpdatedSSLCertOCSPRequest {
+	int64 version = 1;
+	int32 size = 2;
+}
+
+message ListUpdatedSSLCertOCSPResponse {
+	repeated SSLCertOCSP sslCertOCSP = 1;
+
+	message SSLCertOCSP {
+		int64 sslCertId = 1;
+		bytes ocsp = 2;
+		int64 version = 3;
+	}
 }
--- a/pkg/serverconfigs/sslconfigs/ssl_consts.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_consts.go
@@ -2,7 +2,6 @@ package sslconfigs

 import (
 	"crypto/tls"
-	"os"
 )

 var AllTlsVersions = []TLSVersion{"SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"}
@@ -78,8 +77,6 @@ func (this *SSLPolicy) convertMinVersion() {
 		this.minVersion = tls.VersionTLS12
 	case "TLS 1.3":
 		this.minVersion = tls.VersionTLS13
-
-		os.Setenv("GODEBUG", "tls13=1") // TODO should be removed in go 1.14, in go 1.12 tls IS NOT FULL IMPLEMENTED YET
 	default:
 		this.minVersion = tls.VersionTLS10
 	}
--- a/pkg/serverconfigs/sslconfigs/ssl_policy.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_policy.go
@@ -1,6 +1,7 @@
 package sslconfigs

 import (
+	"bytes"
 	"crypto/tls"
 	"crypto/x509"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
@@ -154,3 +155,47 @@ func (this *SSLPolicy) CAPool() *x509.CertPool {
 func (this *SSLPolicy) TLSConfig() *tls.Config {
 	return this.tlsConfig
 }
+
+// ContainsCert 检查是否包括某个证书
+func (this *SSLPolicy) ContainsCert(certId int64) bool {
+	for _, cert := range this.Certs {
+		if cert.Id == certId {
+			return true
+		}
+	}
+	return false
+}
+
+// UpdateCertOCSP 修改某个证书的OCSP
+func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte) {
+	for _, cert := range this.Certs {
+		if cert.Id == certId {
+			cert.OCSP = ocsp
+			cert.CertObject().OCSPStaple = cert.OCSP
+
+			// 修改tlsConfig中的cert
+			for index, cert2 := range this.tlsConfig.Certificates {
+				if this.certIsEqual(*cert.CertObject(), cert2) {
+					this.tlsConfig.Certificates[index].OCSPStaple = ocsp
+				}
+			}
+			break
+		}
+	}
+}
+
+func (this *SSLPolicy) certIsEqual(cert1 tls.Certificate, cert2 tls.Certificate) bool {
+	var b1 = cert1.Certificate
+	var b2 = cert2.Certificate
+	if len(b1) != len(b2) {
+		return false
+	}
+
+	for index, b := range b1 {
+		if bytes.Compare(b, b2[index]) != 0 {
+			return false
+		}
+	}
+
+	return true
+}