On Fri, 2003-07-18 at 17:27, Massimiliano Pala wrote: > Try using the option for adding certificates to the response: > > ocsp_add_response_certs = $dir/certs/chain_certs.pem > > where the chain_certs.pem (usually) is built by 'cat'-ing all certificates > from the root CA to the responder's certificate and let me know if openssl > cannot verify the response (with the former command). > Let me know.
Hi Max, the ocsp-Responder adds a cert-chain to the response, now I can use the option -CAfile instead of -VAfile: openssl ocsp -issuer certs/FhG-CA_cert.pem -cert certs/frankCert.pem -url http://data.bi.fhg.de:2560 -CAfile certs/FhG-CA_cert.pem Next I have to configure mozilla to use the ocsp-responder... By-the-way: Is it possible to use the ocsp-responder on the command-line, giving a ocsp-request and getting as a result the corresponding answer? I'm thinking about using the responder out of a perl-script. Thx -- bjoern ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
