Pramila Rani wrote: > > Hello, > > Sorry, I did find an examples dir, and based on the sample conf file, start.sh and >request.sh file, I started the server fine. > But when I gave a request command from the command prompt : > > # openssl ocsp -issuer >/usr/local/openca/OpenCA/var/crypto/cacerts/cacert.pem -serial 03 -url >http://localhost:2560 > > I got the following response : > > Response Verify Failure > 9604:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify >error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate > 03: good > This Update: Jun 1 08:01:11 2002 GMT > Next Update: Jun 1 08:06:11 2002 GMT > > What does 'Response Verify Failure' mean? The cacert.pem is located in the > said dir. What does '03: good' mean?
This means that the response dir return an "ok" for the requested certificate
but the 'openssl' command did not succeed to build the full chain of certs
to verify it. Are you sure you have correctly set the full CA chain ? Do
you have a full chain or a single self-signed certificate ?
Another possible problem : has the OCSP certificate the OCSPSigning extension
set ?
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf at cpan.org
madwolf at openca.org
http://www.openca.org madwolf at hackmasters.net
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
