Hi Dave, actually that seem to work fine. The error in OpenSSL is not really an error, it just does not have the issuer certificate of the OCSP server's certificate but the response is correctly parsed (status good).
I do not really understand, what is the issue you are having ? Later, Max On 11/13/2009 01:17 PM, blain...@gdls.com wrote:
Well, I hope I do ;) I guess the URL threw me because it had /ca/ca.html on it so I was expecting a response. openssl ocsp -issuer /appl/openca-ocspd-1.5.1/etc/ocspd/certs/cacert.pem -cert /appl/openca/openca/var/openca/crypto/certs/01.pem -url http://host:2560/ -resp_text -respout /tmp/ocspResp.der -CAfile /appl/openca-ocspd-1.5.1/etc/ocspd/certs/cacert.pem <http://host:2560/> .... Response Verify Failure 19659:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:unable to get issuer certificate /appl/openca/openca/var/openca/crypto/certs/15.pem: good This Update: Nov 12 18:12:01 2009 GMT Next Update: Nov 13 16:46:03 2009 GMT I can eliminate this error by adding -VAoption
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
