Hello Todd, no.. the topic has not been covered at all! Actually, you are the first one that is attempting to use the OCSP with EC certificates. Here's a list of the things you might want to check: - The version of OpenSSL you linked the OCSPD against supports ECDSA - CRL is correctly signed by the CA - Check that at runtime the OCSPD uses the correct OpenSSL libs (try using `ldd PATH/sbin/ocspd`)
Let me know the results! Cheers, Max On 08/02/2010 11:39 PM, Todd E. Johnson wrote:
Hello, Please allow me to apologize if this topic has been covered extensively, but I am having challenges with OCSPD. It would appear the server does not like my CA certificate, which are EC based keys (P-384): Aug 2 23:09:02 ocspd[28578]: ERROR parsing Pub Key from CA Cert [0] Aug 2 23:09:02 ocspd[28578]: CRL/CA check error [ ldap_ca_1:-3 ] Is ECC actually supported for the CA certs? Is it based on the version of OpenSSL? I have included the CA certificate (P-384), as well as the OCSP Signing certificate (RSA Keys) below. I find it hard to believe that no one else has had this issue. Thanks in advance for your time, and your patience!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
