[openssl-users] Problem with OSCP Server Response

[Juan Sebastián Cárdenas Arenas]

Good Morning

My name is Juan Sebastian Cardenas, I'm a Systems engineer from Colombia

I am implementing an internal PKI for the organization where I work using openssl

The idea is to generate certificates and digital signatures to members of the organization so that they can sign documents of the office suite and eliminate the use of paper

I have success in creating the keys and certificates from a ca root and an intermediary, I am using the intermediary to sign certificates of users and the server OCSP

When creating user certificates I am defining the URI of OCSP server so that it can verify the validity of the certificate

And finally I am exporting user certificates to a pkcs12 format (.p12) to install the certificate and key user on the user's computer

After installing the pkcs12 key on user's computer, I can use the programs of the office suite (word, excel, power point, etc..) to sign documents using the installed digital signature, however, only makes the connection to the OCSP server once and then no longer allow any verification or validation.

In reviewing the response from the OCSP server:
Invalid request
Reply Error: malformedRequest (1)

And then in the Office program, I can´t use the digital signature to sign documents anymore, and present the message the selected certificate can not be verified. Check the network connection (as had already been able to connect the first time)

Ask them please guide me regarding this specific error check with the OCSP server response.

Thanks for all your help


Juan Sebastian Cardenas Arenas

Docente TC - Dirección de Investigaciones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160421/3964e9d6/attachment.html>