On Thu, 22 Jul 2021 17:29:32 GMT, Rajan Halade <rhal...@openjdk.org> wrote:
> I have updated revoked test certificate but this test may again fail in Sept
> as test certificates expire leading to OCSP error.
>
> CA is not willing to issue test certificates with more than 90 day validity
> so this test will fail every quarter. I am re-thinking the CA certification
> testing approach to maybe try a TLS connection with test websites. This will
> ensure that test will pass as long as CA keeps test website updated.

Have you thought about using a cached OCSPResponse to avoid the expiration issues? You would not be testing a live OCSP network request/response, but it might be an acceptable workaround for cases like this.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4877