OCSP - Trusted responder model
murugesh pitchaiah
murugesh.pitchaiah at gmail.com
Wed Aug 3 16:52:45 UTC 2022
Hi,
I am looking for testing the Trusted OCSP responder model.
Here is the certificate hierarchy:
1) rootca-->subca-->leaf
2) responderca (another root ca)
subChain : Contains both subca and rootca
index.txt - contains the entries for subca and leaf
OCSP Request is raised in the sequence: 1) leaf 2) subca
This is how the i tried running the ocsp responder:
> openssl ocsp -port 2561 -text -index index.txt -CA subChain -rkey
respondercakey.pem -rsigner respondercacert.pem
Here got good response for leaf but for subca - unknown is returned by
responder
> openssl ocsp -port 2561 -text -index index.txt -CA cacert.pem -rkey
respondercakey.pem -rsigner respondercacert.pem
Here unknown is returned by responder for leaf
Could you please help here with what I am missing ? Is there any other way
to give the "CA" option while running "global responder" -that is a trusted
responder model ?
Thanks,
Murugesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220803/9f6ee8f3/attachment.htm>
More information about the openssl-users
mailing list