Hello all, I'm trying to little bit tune my OCSP server, based on OpenCA OCSP daemon and can not figure out why it does not work with CRL's via HTTP.
In ocsp.conf file I can choose file://// , http:// and ldap:// variants for obtaining CRL. file://// is working quite well. Now I want to switch to http:// . After changing this line: crl_url = file:////usr/local/etc/ocspd/crl/cacrl.crl to this line: crl_url = http://crl.company.com/myca/cacrl.crl (HTTP url is checked with wget - it is working.) I see some errors in ocsp log: May 16 14:01:25 srv041 ocspd[92530]: Error Loading CRL for [ q_vs_ca ] May 16 14:01:25 srv041 ocspd[92530]: CRL loaded [ q_vs_ca ] May 16 14:01:25 srv041 ocspd[92530]: CRL missing May 16 14:01:25 srv041 ocspd[92530]: CRL/CA check error [ q_vs_ca:-1 ] May 16 14:01:25 srv041 ocspd[92530]: No Entries for CRL (@q_vs_ca) May 16 14:01:25 srv041 ocspd[92530]: CRL loaded successfully [q_vs_ca] OCSP deamon version is 1.1.0. Sure I can update it to newest one, but maybe I just do something wrong with configuration? Also it is interesting for is it possible to log not only startup/rehash events, but ocsp requests facts also? Regards, Dmitrij ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
