Hi Guys, as pointed out by some of you, the OCSPD tries to be compliant with the RFC. In that respect, it issues a "good" response status if the certificate is not among the revoked ones. Besides the fact that the responder is CRL based, this also prevent people for scanning the number of certificates issued by querying the OCSP server.
Later, Max Domaca Pastrva wrote:
Here's the thing,before sending any configuration files I'd like to post the problem description: The responder returns status:good for any serial number, even for those serial numbers that have never been issued. Only for serials that point on a revoked certificate the responder returns status:revoked. Everything else works fine, i.e. request that contain the certificate that is to be checked, return status:unkown|revoked|good - regarding the actual status of the certificate. Nice regards and thanks for the great workthink I gone buy me some stuff from the openCA online store ;)
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
