[openssl-users] OCSP response signed by self-signed trusted responder validation

Salz, Rich rsalz at akamai.com
Tue Dec 4 17:39:27 UTC 2018

The responder isn’t supposed to be self-signed.  It’s supposed to be signed by the CA issuing the certs.  That way you know that the CA “trusts” the responder.

Now, having said that, what you want to do is reasonable – think of it as “out of band” trust.  You will probably have to modify the source to support it, however.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181204/0cebbfdd/attachment.html>

More information about the openssl-users mailing list