Hi,
when I was looking for an OCSP responder in January I also found
OpenCA.org and I also think it is dead.
If you want to use it, read the mailing list. Someone posted important
patches (against memory leaks and other things).
Another thing is, that I am not sure if an OCSP responder, which
Thanks saw that Ruby one also was not sure of it either and it was in Ruby
but will look at that much deeper. And I also saw the EJBCA and all the
orphans
I had to take in to have it work was too much for me. Geez its just a
responder come on.
--
View this message in context:
I am using OpenSSL version
OpenSSL 1.0.1e 11 Feb 2013
and the ocsp works fine.
openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt
-rkey ocspsign.key -CA ./demoCA/cacert.pem -text
and I issue a request and get a response nicely. But then I am using
char *url=
On 20-07-2013 13:39, redpath wrote:
Very nice tutorial
http://pki-tutorial.readthedocs.org/en/latest/
So the issue is that there is no real Certificate Management Trust system
available
handling concurrency issues for a Database that works seamless with
revocation commands and
OCSP responder.
On 23-07-2013 23:56, Steven Madwin wrote:
The short answers is no. An OCSP response has to be signed by the issuer (or
a delegate of the issuer) and a self-signed cert is issued by itself. As a
general rule certs can't revoke themselves so there is no need to get a
revocation response for a
I agree with this
Once again, I would like to advocate that the openssl verification code
should allow a self-signed certificate to revoke itself, using the same
mechanisms as for revoking anything else.
I was wondering how the root cert gets revoked. Anyway thanks for posting
that
-Original Message-
From: redpath
I agree with this
Once again, I would like to advocate that the openssl verification code
should allow a self-signed certificate to revoke itself, using the same
mechanisms as for revoking anything else.
I was wondering how the root cert
On 30.07.2013 19:51, Eisenacher, Patrick wrote:
I was wondering how the root cert gets revoked. Anyway thanks for posting
that request.
A self-signed certificate can't be revoked via a crl, because you won't be able
to successfully verify its signature.
keep in mind, that in case you detect a
On 30-07-2013 20:53, Walter H. wrote:
On 30.07.2013 19:51, Eisenacher, Patrick wrote:
I was wondering how the root cert gets revoked. Anyway thanks for
posting
that request.
A self-signed certificate can't be revoked via a crl, because you
won't be able to successfully verify its signature.