Hi!! I'm a bit desperate: since last week the OCSP Server hasn't been working with revoked certificates :( and I don't know what is happening...

I installed the OpenCA PKI on another machine and installed the OCSP again. I generated the CRL with good and revoked certificates, but the problem repeats!! I am sending you my CRL; I think it's OK but... Please, help me..

Lucio

#---------------------------------

Hi!!, I'm testing the OCSP Server response for a revoked certificate, so I revoked the certificate and updated the CRL with OpenCA. I'm using the 'file:///.../cacrl.pem' method in my ocspd.config. The CRL is updated, but when I request the revoked certificate (03.pem) with the openssl client

    /usr/local/ssl/bin/openssl ocsp -issuer cacerts/cacert.pem -cert certs/03.pem -CAfile cacerts/cacert.pem -url http://localhost:2560

the response is

    Responder Error: malformedrequest (1)

In the messages.log I can see

    Jul 18 21:21:12 localhost ocspd[3122]: OCSP Daemon setup completed
    Jul 18 21:21:12 localhost ocspd[3122]: Configuration loaded and parsed
    Jul 18 21:21:12 localhost ocspd[3123]: successfully binded to *:2560
    Jul 18 21:21:15 localhost ocspd[3123]: Spawned child process [3125]
    Jul 18 21:21:15 localhost ocspd[3125]: request for certificate serial 3
    Jul 18 21:21:15 localhost ocspd[3125]: certificate 3 is revoked
    Jul 18 21:21:15 localhost ocspd[3125]: error while retriving info from CRL
    Jul 18 21:21:15 localhost ocspd[3125]: Error in generating response

If I use the OCSP server developed by TORSEC ;) with the same CRL and the same user

    ./ocspsrv -port 10013 -crl /usr/local/openca-0.9.1.2/CA/OpenCA/var/crypto/crls/cacrl.pem -CAcert /home/todos/certs/ca/certs/cacert.pem -cert /home/todos/certs/ocspd_cert.pem -key /home/todos/PFC/certs/ocspd_key.pem

the response is

    /usr/local/ssl/bin/openssl ocsp -issuer cacerts/cacert.pem -cert certs/03.pem -CAfile cacerts/cacert.pem -url http://localhost:10013
    WARNING: no nonce in response
    Response verify OK
    certs/03.pem: revoked
        This Update: Jul 18 19:15:35 2003 GMT
        Next Update: Aug 17 19:15:35 2003 GMT
        Revocation Time: Jul 18 19:14:32 2003 GMT

Can anybody help me?

Thanks in advance
Lucio.
crl.tar.gz
Description: GNU Zip compressed data
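
The failure pattern in the log quoted above (a child process that identifies the serial as revoked and then logs an error instead of answering) can be picked out of ocspd syslog output mechanically. The following is an added example, not part of the original post or of OpenCA; the function name and the finding format are assumptions, and the log lines are the ones quoted in the message.

```python
import re
from collections import defaultdict

# ocspd syslog lines as quoted in the message above.
SAMPLE_LOG = """\
Jul 18 21:21:12 localhost ocspd[3122]: OCSP Daemon setup completed
Jul 18 21:21:12 localhost ocspd[3122]: Configuration loaded and parsed
Jul 18 21:21:12 localhost ocspd[3123]: successfully binded to *:2560
Jul 18 21:21:15 localhost ocspd[3123]: Spawned child process [3125]
Jul 18 21:21:15 localhost ocspd[3125]: request for certificate serial 3
Jul 18 21:21:15 localhost ocspd[3125]: certificate 3 is revoked
Jul 18 21:21:15 localhost ocspd[3125]: error while retriving info from CRL
Jul 18 21:21:15 localhost ocspd[3125]: Error in generating response
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+ocspd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
REQUEST_RE = re.compile(r"request for certificate serial (\S+)")
REVOKED_RE = re.compile(r"certificate (\S+) is revoked")

def find_failed_revoked_lookups(log_text):
    """Hypothetical helper: report each ocspd child that recognised a serial
    as revoked but then logged an error instead of returning a response."""
    by_pid = defaultdict(list)          # group messages per child process
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            by_pid[m["pid"]].append(m["msg"])
    findings = []
    for pid, msgs in by_pid.items():
        requested, revoked, errors = None, set(), []
        for msg in msgs:
            if (r := REQUEST_RE.search(msg)):
                requested = r.group(1)
            elif (r := REVOKED_RE.search(msg)):
                revoked.add(r.group(1))
            elif "error" in msg.lower():
                errors.append(msg)
        # Flag only the case of interest: revoked status known, no answer sent.
        if requested in revoked and errors:
            findings.append({"pid": pid, "serial": requested, "errors": errors})
    return findings

if __name__ == "__main__":
    for f in find_failed_revoked_lookups(SAMPLE_LOG):
        print(f"pid {f['pid']}: serial {f['serial']} revoked but not answered: {f['errors']}")
```

A relying party that treats responder errors as a soft failure keeps accepting the certificate while the responder is in this state, so a finding here is worth alerting on.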
