Guillaume Tamboise wrote:
Hello,I am trying to configure ocsp to serve revocations for certificates used by Cisco routers.
[...]
So... My certificates look good, OpenSSL as an OCSP client seems happy, but not the Cisco IOS... Anybody with experience on that matter?
I have not experience with Cisco and OCSP support, if we assume that the
implementation of OCSP from both parts are correct (with Firefox/Mozilla
I have interoperability), then it could be something tied to the profile
of the certificates you are using. Try to check that the keyUsage and
requirements from IOS about responder's certificate profile are met...
Let me know.
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
Tel.: +39 (0)11 564 7081
http://security.polito.it Fax: +39 178 270 2077
Mobile: +39 (0)347 7222 365
Politecnico di Torino (EuroPKI)
Certification Authority Informations:
Authority Access Point http://ca.polito.it
Authority's Certificate: http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List: http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
