Thank you, Massimiliano, for the answer, I think that mentioned trick is not an option for me. Will try to run as much OCSP responders, as I have CA's.
Is it known/planned the date of next OpenCA OCSPD version release? Regards, Dmitrij Massimiliano Pala wrote: > Hi Dmitrij, > > what you are saying is true, however there is a small trick you can use. > If you have the same keypair certified by all the CAs you want to support > and add the certificates to the response that should work, but I have not > tested it yet. > > For sure the new version will have more explicit support for multiple CA > certificates key/pairs. > > Ciao, > Max > > > Dmitrij Mironov wrote: >> Hi all, >> >> I'm using OpenCA OCSPD for about 2 years. Everything was ok (except >> useless logs), but now I found, that I can't conform to RFC2560 with >> that responder. >> >> As stated in 4.2.2.2 of RFC2560 - OCSP responder's "... certificate >> MUST be issued directly by the CA that issued the certificate in >> question." That means OCSP responder must know how to handle several >> its own keys and certificates if it is configured to work in multi CA >> configuration. >> >> OpenCA OCSPD v1.5.1 is able to work in multi CA configuration, but a >> do not see any possibility to configure it in accordance with >> mentioned RFC2560 requirement. Is it missing feature, bug or I need >> to RTFM? >> >> Regards, >> Dmitrij > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > ------------------------------------------------------------------------ > > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
