[openssl-users] Problem checking certificate with OCSP
Dr. Stephen Henson
steve at openssl.org
Mon Oct 5 15:11:01 UTC 2015
On Mon, Oct 05, 2015, Walter H. wrote:
> Hello,
>
> attached is the certificate and its chain of https://revoked.grc.com/
>
> doing this:
>
> openssl ocsp -no_nonce -issuer chain.pem -cert cert.pem -text -url
> http://ocsp2.globalsign.com/gsdomainvalg2
>
> goves the following:
>
> OCSP Request Data:
> Version: 1 (0x0)
> Requestor List:
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: 45658DA20174402FF48B3A6AC0BC69208095C7CA
> Issuer Key Hash: 96ADFAB05BB983642A76C21C8A69DA42DCFEFD28
> Serial Number: 112155688D380775DA34C5DF97433ED3F6A7
> Error querying OCSP responsder
> 139928584042312:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server response
> error:ocsp_ht.c:250:Code=403,Reason=Forbidden
>
> where is the problem for this strange error?
>
Some OCSP responders need the host header, try adding:
-header Host ocsp2.globalsign.com
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list