Damn! I've got a new error now... The responder works when I'm using it on my local network (192.168.3.0). No problem using it with an OCSP request generated by the OpenSSL toolkit or with the Mozilla feature.

But when I'm requesting it from another IP range (192.168.2.0), I've got an error:

-----------------------------------------------------------------------------------------------
$openssl ocsp -issuer ca.crt -cert webmail-signed-cert.pem -url http://ocsp.microgate.fr:80 -text > ocsp_response
Response Verify Failure
2599:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error::ocsp_vrfy.c:122:Verify error:unable to get local issuer certificate
-----------------------------------------------------------------------------------------------

And the SAME COMMAND works when I'm connected to the first local network... I've tested this through the Internet and through an access point, it's the same error.

So, is there anyone here who can help me? :)

Julien

Julien VEHENT <[EMAIL PROTECTED]> wrote:

> WONDERFUL!!! It works. It was just the path of my ocsp.pem in ocsp_add_response_certs.
>
> Thank you, Michael.
>
> Michael Bell <[EMAIL PROTECTED]> wrote:
>
> > Hi Julien,
> >
> > first, I'm not an OCSP guru. I only know X.509 and all my statements follow simple X.509 logic.
> >
> > Julien VEHENT wrote:
> >
> > > My problem is that the daemon returns an error when it receives a request:
> > >
> > > [EMAIL PROTECTED]:~/Stage$ openssl ocsp -issuer ca.crt -CAfile ca.crt -cert webmail-signed-cert.pem -url http://ocsp.microgate.fr:80 -text
> > > ...
> > > Response Extensions:
> > > OCSP Nonce:
> > > 0410C244CB64A059EBBA2488D2B94F5FCF58
> > > Response Verify Failure
> > > 11565:error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:85:
> >
> > So this means you are missing a certificate which you need to verify the OCSP response.
> >
> > > authority:/# ocspd -d -v -c /var/certificats/ocspd/ocspd.conf
> > > May 25 17:47:29 authority ocspd[30427]: variable lookup failed for ocsp_response::ocsp_add_response_certs
> >
> > This means that the option ocsp_add_response_certs is not present in your OCSP configuration. If you add the signer's certificate to this option then perhaps it is known to the OCSP client if there is trust for the CA.
> >
> > Michael
> > --
> > _______________________________________________________________
> > Michael Bell                   Humboldt-Universitaet zu Berlin
> > Tel.: +49 (0)30-2093 2482      ZE Computer- und Medienservice
> > Fax:  +49 (0)30-2093 2704      Unter den Linden 6
> > [EMAIL PROTECTED]              D-10099 Berlin
> > _______________________________________________________________
>
> ------------------------------------------------------------------
> J. VEHENT
> [EMAIL PROTECTED]
> ------------------------------------------------------------------
> Microgate | 02.47.66.95.01 | www.microgate.fr
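Added example, not part of the original thread: the "signer certificate not found" diagnosis from Michael's reply, reproduced offline. It assumes openssl's built-in test responder as a stand-in for ocspd: `-resp_no_certs` plays the part of a responder that does not attach its signer certificate, and openssl's default (certificate embedded) plays the part of a working `ocsp_add_response_certs`. The lab CA, file names and serial numbers are all constructed.

```shell
#!/bin/sh
# Added example: throwaway lab PKI; every name, file and serial is constructed.
lab_setup() {
  LAB=$(mktemp -d) && cd "$LAB" || return 1
  cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign,cRLSign
[ocsp]
extendedKeyUsage = OCSPSigning
[leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -config lab.cnf -extensions ca -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.crt -subj "/CN=Lab CA" -days 2 2>/dev/null || return 1
  for n in ocsp:2 leaf:3; do            # name:serial, both issued by the lab CA
    name=${n%:*}
    openssl req -new -config lab.cnf -newkey rsa:2048 -nodes -keyout "$name.key" \
      -out "$name.csr" -subj "/CN=lab $name" 2>/dev/null || return 1
    openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key -days 2 \
      -set_serial "${n#*:}" -extfile lab.cnf -extensions "$name" \
      -out "$name.crt" 2>/dev/null || return 1
  done
  # Responder database: leaf serial 03 is valid (V).
  printf 'V\t350101000000Z\t\t03\tunknown\t/CN=lab leaf\n' > index.txt
  openssl ocsp -issuer ca.crt -cert leaf.crt -reqout req.der
}
# respond OUT [opts]: answer req.der, signing with the delegated OCSP certificate
respond() {
  out=$1; shift
  openssl ocsp -index index.txt -CA ca.crt -rsigner ocsp.crt -rkey ocsp.key \
    -reqin req.der -respout "$out" "$@" >/dev/null 2>&1
}
# verify RESP [opts]: true only if the client accepts the response signature
verify() {
  resp=$1; shift
  openssl ocsp -respin "$resp" -CAfile ca.crt "$@" 2>&1 | grep -q 'Response verify OK'
}
lab_setup || exit 1
respond bare.der -resp_no_certs   # signer certificate left out of the response
respond full.der                  # signer certificate embedded (openssl default)
for c in "bare.der" "full.der" "bare.der -VAfile ocsp.crt"; do
  if verify $c; then echo "$c: Response verify OK"; else echo "$c: Response Verify Failure"; fi
done
```

The third case shows the client-side alternative: a response without embedded certificates still verifies when the client is handed the responder certificate explicitly with `-VAfile`. The lab files stay in `$LAB`; delete that directory afterwards.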
