From f233eed86c505b24c64b011ad46737abf01caa7c Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Fri, 17 Mar 2023 14:35:20 -0400
Subject: [PATCH] backport of commit 98f4d1f8c2723217afd28ff772661b4b90f7f7d5 (#19613)
Co-authored-by: Steven Clark
---
 website/content/docs/upgrading/upgrade-to-1.12.x.mdx | 2 ++
 website/content/docs/upgrading/upgrade-to-1.13.x.mdx | 4 +++-
 website/content/partials/ocsp-redirect.mdx | 11 +++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 website/content/partials/ocsp-redirect.mdx
diff --git a/website/content/docs/upgrading/upgrade-to-1.12.x.mdx b/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
index 13b716f17d88..ede60be52da7 100644
--- a/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.12.x.mdx
@@ -182,3 +182,5 @@ As a workaround, OCSP POST requests can be used which are unaffected. Affects version 1.12.3. A fix will be released in 1.12.4. @include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
diff --git a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
index 276e28a2c6ff..71254b098d1c 100644
--- a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
@@ -78,4 +78,6 @@ are unaffected. ## Known Issues
-@include 'tokenization-rotation-persistence.mdx'
\ No newline at end of file
+@include 'tokenization-rotation-persistence.mdx'
+
+@include 'ocsp-redirect.mdx'
diff --git a/website/content/partials/ocsp-redirect.mdx b/website/content/partials/ocsp-redirect.mdx
new file mode 100644
index 000000000000..e63337cada76
--- /dev/null
+++ b/website/content/partials/ocsp-redirect.mdx
@@ -0,0 +1,11 @@
+### PKI OCSP GET requests can return HTTP redirect responses
+
+If a base64 encoded OCSP request contains consecutive '/' characters, the GET request
+will return a 301 permanent redirect response. If the redirection is followed, the
+request will not decode as it will not be a properly base64 encoded request.
+
+As a workaround, OCSP POST requests can be used which are unaffected.
+
+#### Impacted Versions
+
+Affects all current versions of 1.12.x and 1.13.x