[EMAIL PROTECTED] wrote:
> hi Massimiliano Pala,
Hi,
> im azhar ismail..
> currently try so using ocsp responder in linux..
[...]
> ocsp starting but when i check the status = stopped.
try also using the following command:
$ pgrep ocspd
if it shows at least one number your OCSP is up and running, maybe
a problem with the status script. Anyway start the ocspd by using
the command:
$ ocspd -c <config-file> -v
and check the syslog file (on most linux distro it is in /var/log/messages)
by using:
$ less /var/log/messages
and check the end of the log file for error messages coming from ocspd. The
most commons are:
* the User or the Group configured in the ocspd.conf do not exist in
your system (use useradd/groupadd to add them)
* the server does not have the rights to read/write to the cert/crls/pid
directories
> im already supply the
> - 3 cert (by openssl)
[...]
> - crl - im using ldap(but this crl not related to above cert)
The CRL should be related to one CA certificate you specify in the ca section
(in your case the ldap_ca_1 section).
I see you are missing a configuration option there, add this:
ca_entry_attribute = "cACertificate;binary"
> actually im want to make ocsp staring,is it important this crl to related
> to CA cert by crl for starting this ocsp.
[...]
??? The CRL should be related to the CA certificate in the CA section, the CA
certificate
specified in the default section is the one related to the server's certificate
only.
I hope this clarifies a bit the configuration (I really have to take some time
off to
write a good OCSPD guide... )
--- Max
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
