Hi All,

This is a thread continuing an issue I have with "request for non reckognized CA"...

I went through the source and found the following:

    /* Is this request about our CA? */
    if ((ca = ocspd_CA_ENTRY_find( conf, cid )) == NULL) {
        if (verbose) {
            syslog( LOG_INFO, "request for non reckognized CA",
                    ASN1_INTEGER_get(serial) );
        }
        OCSP_basic_add1_status(bs, cid,
                V_OCSP_CERTSTATUS_UNKNOWN, 0, NULL,
                X509_gmtime_adj(NULL, 0), nextupd);
        continue;
    }

Now the question is: what if the CA is not the one signing the CRLs, but the ROOT CA? I use the following setup, and it seems to fail...:

Root CA -> signs SUB CAs such as Intermediate CAs, and a CRL CA (CRL Signer) revoking the certificates and OCSP Signer. The Intermediate CAs sign the subscriber certificates. The CRL CA revokes all the certificates signed by the Intermediate CAs.

Now, when a request gets in, it provides the ROOT CA or Intermediate CA to the OCSP server (not sure which). In my case, this is not the one which signed the CRL, therefore it fails... But when I try to load the configuration with the ROOT CA as CRL Signer in ca_url, it obviously fails too...

So it seems that this setup, when the Root CA is not signing all and everything by itself, fails... right?

--
Regards
Signer: Eddy Nigg
Company: StartCom Linux at www.startcom.org, MediaHost™ at www.mediahost.org
Skype: startcom
Phone: +1.213.341.0390
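An added illustration, not part of the original post and not ocspd's code: under RFC 6960 the CertID in an OCSP request carries hashes of the name and public key of the direct issuer of the certificate being checked, so a responder that matches those hashes against its configured CAs only finds an entry for that issuer. The CA records, byte strings, serial numbers and the matching rule in `find_ca` are constructed assumptions standing in for real DER data and for the responder's lookup.

```python
import hashlib
from typing import Dict, NamedTuple, Optional, Sequence, Set

class CA(NamedTuple):
    label: str
    subject_dn: bytes   # stand-in for the DER-encoded subject Name
    public_key: bytes   # stand-in for the subjectPublicKey bit string contents

class CertID(NamedTuple):
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial: int

def sha1(data: bytes) -> bytes:
    # SHA-1 is used here as the CertID hash algorithm (an assumption).
    return hashlib.sha1(data).digest()

def make_cert_id(issuer: CA, serial: int) -> CertID:
    # RFC 6960: both hashes describe the direct issuer of the certificate
    # being checked, not the root and not whoever signs the CRL.
    return CertID(sha1(issuer.subject_dn), sha1(issuer.public_key), serial)

def find_ca(configured: Sequence[CA], cid: CertID) -> Optional[CA]:
    # Assumed lookup: match the request's hashes against each configured CA.
    for ca in configured:
        if (sha1(ca.subject_dn), sha1(ca.public_key)) == cid[:2]:
            return ca
    return None

def cert_status(configured: Sequence[CA], revoked: Dict[str, Set[int]],
                cid: CertID) -> str:
    ca = find_ca(configured, cid)
    if ca is None:
        return "unknown"  # corresponds to the "non reckognized CA" branch
    return "revoked" if cid.serial in revoked.get(ca.label, set()) else "good"

# Constructed sample hierarchy from the post (bytes are placeholders).
ROOT = CA("root", b"CN=Root CA", b"root-key")
INTERMEDIATE = CA("intermediate", b"CN=Intermediate CA", b"intermediate-key")
CRL_CA = CA("crl-signer", b"CN=CRL CA", b"crl-key")

# A subscriber certificate with serial 0x1234, issued by the Intermediate CA.
REQUEST = make_cert_id(INTERMEDIATE, 0x1234)
# Serials revoked for the Intermediate CA's certificates (constructed).
REVOKED = {"intermediate": {0x1234}}

if __name__ == "__main__":
    for setup in ([CRL_CA], [ROOT], [INTERMEDIATE]):
        print([c.label for c in setup], "->", cert_status(setup, REVOKED, REQUEST))
```
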