I am having a problem with running ocspd 1.9.0 with multiple CAs.
What I am seeing (from reading the code *and* by running it live) is that
all responses are signed by the key/cert configured for the first CA.
Validation requests for the second CA are checked against the proper
revocation list, yet the reply is signed with the first CA's key/cert,
thus ignoring the ocspd_certificate and ocspd_key parameters defined for it
in the config file. Clients don't like those replies ...

Is this a deliberate design decision? Or just a coding mistake?

It used to work with the older 1.5.2 version of ocspd, but that one has
serious coding problems in the threading logic, so I cannot use it :-(

Regards,
Wytze van der Raay

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users