See https://bugzilla.mozilla.org/show_bug.cgi?id=1745600 and https://bugzilla.mozilla.org/show_bug.cgi?id=966856.
Recently some sites began stapling OCSP responses that made use of sha-2 in the CertID section (sha-1 is much more common here). Since not all of the machines in the CDNs of the affected sites did use sha-2, it made it hard to verify the fix. It would be helpful to have a site that's guaranteed to be serving an OCSP response with a CertID that uses sha-2.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1745600 and https://bugzilla.mozilla.org/show_bug.cgi?id=966856. Recently some sites began stapling OCSP responses that made use of sha-2 in the CertID section (sha-1 is much more common here). Since not all of the machines in the CDNs of the affected sites did use sha-2, it made it hard to verify the fix. It would be helpful to have a site that's guaranteed to be serving an OCSP response with a CertID that uses sha-2.