[openssl-users] How can I sstart openssl ocsp in secure mode using TLS/SSL

Ike Ikonne iikonne at us.ibm.com
Fri Sep 22 14:03:58 UTC 2017


Hi all,

I have been trying to test the embed openssl ocsp server in secure mode 
like:

c:\openssl-0.9.8\share>c:\openssl-0.9.8\bin\openssl ocsp -url 
https://myhost:7575-req_text -resp_text -text -index 
intermediate\index.txt -CA int
ermediate\certs\ca-chain-cert.pem -rkey 
intermediate\private\ocsp.example.com.key.pem -rsigner 
intermediate\certs\ocsp.example.com.cert.pem

using the https protocol, but when I try to validate a certificate using 
the built-in ocsp client similar to:

c:\openssl-0.9.8\share>c:\openssl-0.9.8\bin\openssl ocsp -CAfile 
intermediate\certs\ca-chain-cert.pem -url https://myhost:7575-resp_text 
-issuer
intermediate\certs\intermediate.cert.pem -cert 
intermediate\certs\test.example.com.cert.pem

I get the following error message

Error connecting BIO
Error querying OCSP responsder
12164:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:./ssl/s23_clnt.c:585:

Does anyone know how I may overcome this?


Thanks,

Ike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170922/5b090bcd/attachment.html>


More information about the openssl-users mailing list