On Fri, 2003-07-18 at 12:22, Massimiliano Pala wrote:[...]
Openssl can now verify the ocsp-response and gives a message concerning the status of the certificate. Hope that's it.
Try using the option for adding certificates to the response:
ocsp_add_response_certs = $dir/certs/chain_certs.pem
where the chain_certs.pem (usually) is built by 'cat'-ing all certificates from the root CA to the responder's certificate and let me know if openssl cannot verify the response (with the former command).
I can not recall if you have done it but you should load the CA cert as a trusted certificate (I don't remember the exact keyword in the openssl ocsp command).
Let me know.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
Tel.: +39 (0)59 270 094
http://www.openca.org Fax: +39 178 221 8225
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
