Re: [openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread socket
g the requested certificate as revoked. > « tryLater » is also a correct answer, even « internalError » if we > consider the CRL as part of the internal state of the responder. > > Erwann Abalea > > Le 10 déc. 201

Re: [openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread socket
Hi Walter, I agree with your addition regarding the fact that it is not saying the cert is good, it's saying unknown. However, my understanding of the RFC is that unknown should be returned when the OCSP service does not know about the certificate issuer. I'm not sure that's the case. Regarding

MODSSL: RFC 2560

2014-01-14 Thread socket
Hey all, I am wondering if anyone here could point me in the right direction or even assist with a problem I am having. According to RFC 2560: All definitive response messages SHALL be digitally signed. The key used to sign the response MUST belong to one of the following: -- the CA who

Re: MODSSL: RFC 2560

2014-01-14 Thread socket
What I am saying is that one falls into the delegated trust model, and one does not, but I should be able to validate either because RFC 2560 allows for a Trusted Responder whose public key is trusted by the requester. I am asking if mod_ssl in Apache 2.4.x is RFC compliant. It seems to me openssl