openssl ocsp responder

Lynch, Pat Pat.Lynch at poly.com
Fri May 20 15:21:29 UTC 2022


Hello,

I've created a CA using EasyRSA, which is based on openssl.  I'm trying to run "openssl ocsp" in server mode.  Everything starts just fine and it processes client requests, but no matter what certificate I try to query, the openssl ocsp responder sends "Cert Status: unknown".

This is the server command line:

/usr/bin/openssl ocsp -ignore_err -resp_no_certs -nmin 60 -index /opt/EasyRSA-3.0.8/pki/index.txt -port 8080 -rsigner /opt/EasyRSA-3.0.8/pki/issued/ocsp-signer.crt -rkey /opt/EasyRSA-3.0.8/pki/private/ocsp-signer.key -CA /opt/EasyRSA-3.0.8/pki/ca.crt -text -out /var/log/ocspd/ocspd.log

The index file looks good.  The certificates I'm querying were definitely issued by the CA. The status is accurate in the index file.

What could be going on that's preventing the ocsp responder from getting and reporting the true status?

Thanks!
-Pat
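
A check a reader could run against the index file named in the command above, to confirm how the serial being queried is recorded there. This is an added example, not part of the original post and not OpenSSL's own code. The function names `index_status` and `make_sample_index` are hypothetical, and the sample index lines are constructed.

```shell
#!/bin/sh
# Look up a certificate serial in an OpenSSL CA index file (index.txt).
# Each line is tab-separated:
#   1 status flag (V valid, R revoked, E expired)
#   2 expiry date    3 revocation date (empty unless revoked)
#   4 serial (hex)   5 file name       6 subject DN
# Prints good / revoked / expired, or unknown when the serial is absent.
index_status() {
    # $1 = index file, $2 = serial in hex; a "serial=" prefix, colons,
    # lower case and leading zeros are all tolerated.
    awk -F '\t' -v want="$2" '
        function norm(s) {
            s = toupper(s)
            sub(/^SERIAL=/, "", s)      # output style of: openssl x509 -serial
            gsub(/[^0-9A-F]/, "", s)    # drop colons and whitespace
            sub(/^0+/, "", s)           # index.txt pads to an even length
            return s
        }
        BEGIN { want = norm(want); result = "unknown" }
        (norm($4) "") == (want "") {    # force a string comparison
            if ($1 == "V") result = "good"
            else if ($1 == "R") result = "revoked"
            else if ($1 == "E") result = "expired"
        }
        END { print result }
    ' "$1"
}

# Constructed sample index (not the poster's data).
make_sample_index() {
    printf 'V\t250520152129Z\t\t0A1B2C3D\tunknown\t/CN=server1.example\n'
    printf 'R\t250520152129Z\t220601120000Z\t0A1B2C3E\tunknown\t/CN=server2.example\n'
}
```

The serial to pass in can be taken from the certificate itself with `openssl x509 -noout -serial -in cert.crt`.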



