On Monday, January 22, 2018 at 1:26:01 AM UTC-8, ihave...@gmail.com wrote: > Hi, > > Just as an FYI, I am still getting 404. My geographic location is UAE if that > helps at all. > > My openssl command: > openssl ocsp -issuer gtsx1.pem -cert goodr1demopkigoog.crt -url > http://ocsp.pki.goog/GTSGIAG3 -CAfile gtsrootr1.pem > Error querying OCSP responder > 77317:error:27075072:OCSP routines:PARSE_HTTP_LINE1:server response > error:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/crypto/ocsp/ocsp_ht.c:224:Code=404,Reason=Not > Found
Tham, It seems you are not specifying the hostname header which is required by HTTP 1.1 which is required by RFC 2560: Here is what a command for that root would look like: openssl ocsp -issuer r1goodissuer.cer -cert r1good.cer -no_nonce -text -url "http://ocsp.pki.goog/GTSGIAG3" -header host ocsp.pki.goog Ryan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy