Hello, Please allow me to apologize if this topic has been covered extensively, but I am having challenges with OCSPD. It would appear the server does not like my CA certificate, which are EC based keys (P-384):
Aug 2 23:09:02 ocspd[28578]: ERROR parsing Pub Key from CA Cert [0] Aug 2 23:09:02 ocspd[28578]: CRL/CA check error [ ldap_ca_1:-3 ] Is ECC actually supported for the CA certs? Is it based on the version of OpenSSL? I have included the CA certificate (P-384), as well as the OCSP Signing certificate (RSA Keys) below. I find it hard to believe that no one else has had this issue. Thanks in advance for your time, and your patience! CA: -----BEGIN CERTIFICATE----- MIIEIzCCA6igAwIBAgIIVuVGsrO0FhowCgYIKoZIzj0EAwMwbTEgMB4GA1UEAwwX R3Jvb20gTGFrZSBMYWJzIFJvb3QgQ0ExIjAgBgNVBAsMGUNlcnRpZmljYXRpb24g QXV0aG9yaXRpZXMxGDAWBgNVBAoMD0dyb29tIExha2UgTGFiczELMAkGA1UEBhMC VVMwHhcNMTAwNzI1MTgwNjQzWhcNMTYwNzI1MTgwNjQzWjB0MScwJQYDVQQDDB5H cm9vbSBMYWtlIExhYnMgT3BlcmF0aW9uYWwgQ0ExIjAgBgNVBAsMGUNlcnRpZmlj YXRpb24gQXV0aG9yaXRpZXMxGDAWBgNVBAoMD0dyb29tIExha2UgTGFiczELMAkG A1UEBhMCVVMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASfTQNuEOhGL+XOELCF5tMT BbPrXVtYwCB98Bb0Ws6c832DkOQOUYPKHy0XXXcu+ZoaBHS/K/fJL6kWPEnCZy8m h2H1cIzgbF5lTKDgQeFK5Aj9DrM9d90cYHJLDElU3xKjggIMMIICCDCCARkGCCsG AQUFBwEBBIIBCzCCAQcwQwYIKwYBBQUHMAKGN2h0dHA6Ly9wa2kuZ3Jvb21sYWtl bGFicy5jb20vcmVwb3NpdG9yeS9nbGxfb2NhX2FpYS5wN2Mwgb8GCCsGAQUFBzAC hoGybGRhcDovL2xkYXAuZ3Jvb21sYWtlbGFicy5jb20vY249R3Jvb20lMjBMYWtl JTIwTGFicyUyME9wZXJhdGlvbmFsJTIwQ0Esb3U9Q2VydGlmaWNhdGlvbiUyMEF1 dGhvcml0aWVzLG89R3Jvb20lMjBMYWtlJTIwTGFicyxjPVVTP2NBQ2VydGlmaWNh dGU7YmluYXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTAdBgNVHQ4EFgQU iuanLGKFH8FZ/wszwatzIIaeAMQwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW gBS6t16sFjr9k5CPhr+DTblzufnz1jBBBgNVHSAEOjA4MAwGCisGAQQB+W8CAQEw DAYKKwYBBAH5bwIBAjAMBgorBgEEAflvAgEDMAwGCisGAQQB+W8CAQQwRQYDVR0f BD4wPDA6oDigNoY0aHR0cDovL3BraS5ncm9vbWxha2VsYWJzLmNvbS9yZXBvc2l0 b3J5L2dsbF9yb290LmNybDAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAw ZgIxAPjp0R38wRqkN+yvUTFJ3Bj8gNedPfwEW0rgHMy15s8P2NtRdbDUqNIz9/qm QJkTswIxAJjE36Yrxfpv+rLGPt4Jp5wwE1ubRpj4phtqM0NeFGQcn4iQOi1g/bIv qpVsuhkZHA== -----END CERTIFICATE----- OCSP Signer: -----BEGIN CERTIFICATE----- MIIFrTCCBTOgAwIBAgIIHphoourKIzAwCgYIKoZIzj0EAwMwdDEnMCUGA1UEAwwe R3Jvb20gTGFrZSBMYWJzIE9wZXJhdGlvbmFsIENBMSIwIAYDVQQLDBlDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0aWVzMRgwFgYDVQQKDA9Hcm9vbSBMYWtlIExhYnMxCzAJ BgNVBAYTAlVTMB4XDTEwMDgwMzAyMjUxMVoXDTEwMDgwNTAyMjUxMVowVzEcMBoG A1UEAwwTR0xMIE9DQSBPQ1NQIFNpZ25lcjEQMA4GA1UECwwHRGV2aWNlczEYMBYG A1UECgwPR3Jvb20gTGFrZSBMYWJzMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAMYK/A9j7i+cYbxQA57CLxfsmUknQ0biIkgzFpc6 /o9PjHw8Ap20JHUJK0EtWWftEiMgirNgX7EWj+u12NfL+VsK4CRX70GWrEZa7OQp /av1I1oIr3oFKwUP6b6xFBCutK6OCdIPfWUbeTDxuVkpgrImX41Z2qUXCkch8qTF GfMXYwXukj6A0Z3+m2KsS4HLfuzRnc6E3E/4Gowu8tn6ZJrSv+pUY7twvmZ77faz JMLCPKpuGAm8pEx0iE7H4DW7GlIqpg2S25eoYyL9evIIXE+65uxDBOolZ14LIP7c hInKuSMeqaZsmVVQqOao6a8jlTZLDBwQ/LxFO0DDkr9/F1mApA3PfnMlnO6nEej8 An89kjKkrY9P0LbHqWoHwB0gxm6C9xzIVaKXoDmu9JkhVVo5jLQXuLjEIGELduPc bXiIuOxOqPLHMFcJEwmORdB+jC/UfVKCViBZNB9qy7CUe9qKJgPynRZKi/BeHbJh k+OTHsDyPMx/J9HPksPMN+cm3LviCu1ZHV+ouW6bJ+PzVYQ7RIVVp8okJFggnOSe 2ubrtpi62QWkbyzal3VjtBMBJcFxvIorNCwLnSn92Zdi0aV4MekUN60SdYmEHRkv aRVjwYDfJv2BotO9S9zxgyOnUGW1gFOQr3N3Pvmu3TUADI8pJni1iBMXNM85EtWG 8qCZAgMBAAGjggH/MIIB+zCCARwGCCsGAQUFBwEBBIIBDjCCAQowRgYIKwYBBQUH MAKGOmh0dHA6Ly9wa2kuZ3Jvb21sYWtlbGFicy5jb20vcmVwb3NpdG9yeS9nbGxf b2NhX2VlX2FpYS5wN2Mwgb8GCCsGAQUFBzAChoGybGRhcDovL2xkYXAuZ3Jvb21s YWtlbGFicy5jb20vY249R3Jvb20lMjBMYWtlJTIwTGFicyUyME9wZXJhdGlvbmFs JTIwQ0Esb3U9Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVzLG89R3Jvb20lMjBM YWtlJTIwTGFicyxjPVVTP2NBQ2VydGlmaWNhdGU7YmluYXJ5LGNyb3NzQ2VydGlm aWNhdGVQYWlyO2JpbmFyeTAdBgNVHQ4EFgQU8Vj8azNSJPE9bMgI9lO+Ojj21REw HwYDVR0jBBgwFoAUiuanLGKFH8FZ/wszwatzIIaeAMQwDwYJKwYBBQUHMAEFBAIF ADBBBgNVHSAEOjA4MAwGCisGAQQB+W8CAQEwDAYKKwYBBAH5bwIBAjAMBgorBgEE AflvAgEDMAwGCisGAQQB+W8CAQQwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG CCsGAQUFBwMJMCAGA1UdEQQZMBeBFXBraUBncm9vbWxha2VsYWJzLmNvbTAKBggq hkjOPQQDAwNoADBlAjBw4prUsSOlhEyosZ4Q7hhL09sT4PLgHK1csCR8GFg4ey0I JlsHXcbzT6ha31H9j3oCMQColvEoB9jkKeXeFsZzx1JFudJPY+dh/aa4p54U+unW 09sA4nlHKHf1Nx1Js5JFIsY= -----END CERTIFICATE----- -- Regards, Todd E. Johnson ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
