Hello Dmitrij, Dmitrij Mironov wrote, > You need to edit ../openca/etc/openssl/extfiles/xxxxxxxx.ext.template > and insert this line (edit it to satisfy your needs): > > authorityInfoAccess = OCSP;URI:http://HOST.DOMAIN.COM:2560 > > 2560 - port
Thanks! That helped me out. In the meantime I found the corresponding section in openca/etc/openssl/openssl.cnf.template. authorityInfoAccess is predefined there and as this is the template for the CA certificate it also is the correct place :-) I had a look to the RFCs and decided to only link the OCSP in the CA cert. I think I will do the same with the other crl distribution point entries because I found out some incompatibilities with Microsoft software (what else) when you have the crl linked on the corresponding certificate and in the ca cert (outlook or exchange owa e.g. gives a failure while checking the crl). Anyway, Thawte for example does not have the crl links in all certs eather :-) Regards from Stuttgart Julian ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
