Thanks for help, Guillaume. Now OCSPD is working.
The problem was disapeared, when server was restarted :o). Unfortenately, now I don't see "Successfully binded to %s", as Guillaume mentioned, but this is not a problem, because OCSPD is responding to requests. I have tested it on selfsigned certficate CA environment and everything is went very well. Now I have problem with chained CA environment - after submitting this command: openssl ocsp -issuer ca3.pem -cert user_cert.pem -CAfile all_ca_chain.pem -url http://localhost:2560 -text I'm getting : Response Verify Failure 8076:error:2706A067:OCSP routines:OCSP_CHECK_DELEGATED:missing ocspsigning usage:ocsp_vfy.c:348: 8076:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148: user_cert.pem: good If I change CAfile from CA certs chain file to issuer CA cert file, i get: Response Verify Failure 8077:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate user_cert.pem: good Did somebody has working OCSPD with CA hierarchy and can comment here how to configure OCSPD and form openssl ocsp request string? And did somebody knows the meaning of "max_childs_num" configuration parameter and his value? WBR, Dmitrij > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Guillaume Tamboise > Sent: Wednesday, October 12, 2005 10:12 PM > To: [email protected] > Subject: Re: [Openca-Users] Problem starting OCSPd > > Wed 12 Oct 2005 à 04:08:14PM +0300, Dmitrij Mironov a écrit : > > Oct 12 15:59:17 srv041 ocspd[14451]: Error setting up > accept BIO Oct > > 12 15:59:17 srv041 ocspd[14451]: Can not setup socket, exit. > > It looks as if it is not able to create the accept socket > and/or bind an address to it. > Are you sure that nothing is currently listening to that port? > > What puzzles me is that you are supposed to get a > "Successfully binded to %s" > before this > "Error setting up accept BIO" > when you are in verbose mode, and I am not seeing it in your logs. > > -- > Guillaume Tamboise > > "First they ignore you, then they laugh at you, then they > fight you, then you win." -- Gandhi > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Power Architecture Resource Center: Free content, downloads, > discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl > _______________________________________________ > Openca-Users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
