openssl ocsp responder

Lynch, Pat Pat.Lynch at
Fri May 20 15:21:29 UTC 2022


I've created a CA using EasyRSA, which is based on openssl.  I'm trying to run "openssl ocsp" in server mode.  Everything starts just fine and it processes client requests, but no matter what certificate I try to query, the openssl ocsp responder sends "Cert Status: unknown".

This is the server command line:

/usr/bin/openssl ocsp -ignore_err -resp_no_certs -nmin 60 -index /opt/EasyRSA-3.0.8/pki/index.txt -port 8080 -rsigner /opt/EasyRSA-3.0.8/pki/issued/ocsp-signer.crt -rkey /opt/EasyRSA-3.0.8/pki/private/ocsp-signer.key -CA /opt/EasyRSA-3.0.8/pki/ca.crt -text -out /var/log/ocspd/ocspd.log

The index file looks good.  The certificates I'm querying were definitely issued by the CA. The status is accurate in the index file.

What could be going on that's preventing the ocsp responder from getting and reporting the true status?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list