Thank you. Yes, I got a positive response this time. It said 'Response Verifiy OK'. My user certificates seem to be having a problem now, and I am checking this.
Thanks for your help Pramila -----Original Message----- From: Massimiliano Pala [mailto:[EMAIL PROTECTED]] Sent: 20 June 2002 18:28 To: Pramila Rani Subject: Re: [Openca-Users] OpenCA-OCSPD Pramila Rani wrote: > > Thanks Massimiliano , > I tried out the Role creation and it went thru fine and I could generate a OCSP >Signer certificate. > Unfortunately, even after using the generated OCSP signer certificate, I am still >getting the response as [...] > should I use in the ocspd.conf ? When I tried changing to > $opencaprefix/OpenCA/var/crypto/chain/cacert.pem , the following was the message : > Response Verify Failure > 17015:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify >error:ocsp_vfy.c:122:Verify error:self signed certificate in certificate chain In the Response section of the ocspd.conf file you should use: dir = /usr/local/etc/ocspd ocsp_add_response_certs = $dir/certs/cacert.pem where the $dir is where the ocspd files are located and the ocsp_add_response_certs should point to a file (PEM) containing the whole chain (from the root ca to your ca): these certificates will be included in the response. You should also use the 'openssl ocsp' command for building the request with the list of the "trusted" certificate specified using the '-CAfile' or '-CAdir' options, if you have a self-signed ca use this: $ openssl ocsp -issuer cacert.pem -serial 0B -host host:port \ -CAfile cacert.pem You should get a positive answer now. -- C'you, Massimiliano Pala --o------------------------------------------------------------------------- Massimiliano Pala [OpenCA Project Manager] madwolf at cpan.org madwolf at openca.org http://www.openca.org madwolf at hackmasters.net http://openca.sourceforge.net Mobile: +39 (0)347 7222 365 ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
