The OCSP function is working as expected for both "good" and "revoked" 
responses.  However, I find that it also allows "unknown" responses.  Is the 
"unknown" response behavior adjustable?

Thanks,
Mike

________________________________
From: Michael Magnuson <mmagnu...@sempervalens.com>
Sent: Friday, June 28, 2019 10:38 AM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working



Mark,  I was able to get this working.  Thank you again for all your help.  The 
fix happened when I concatenated both the intermediate CA certificate and the 
root CA certificate into a single PEM file, and used it for the caCertificate= 
attribute.
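A way to sanity-check a concatenated CA bundle like the one described above before configuring it, as an added example that is not part of the original thread. It builds a throwaway root, intermediate and client certificate with the `openssl` CLI (all subject names and file names are constructed) and uses `openssl verify` as a stand-in for the connector's chain check, which is an assumption about how the connector validates.

```shell
#!/bin/sh
# Constructed throwaway PKI: root CA -> intermediate CA -> client certificate.
# Every subject and file name below is made up for this demonstration.

check_ca_bundle() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = req
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

    newreq() {  # newreq <basename> <subject>: writes <basename>.key and .csr
        openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
            -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
    }

    # Self-signed root CA.
    openssl req -x509 -config demo.cnf -extensions v3_ca -newkey rsa:2048 \
        -nodes -keyout root.key -out root.pem -subj "/CN=Demo Root CA" \
        -days 2 2>/dev/null || exit 1
    # Intermediate CA signed by the root.
    newreq int "/CN=Demo Intermediate CA" || exit 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -extfile demo.cnf -extensions v3_ca -days 2 -out int.pem 2>/dev/null || exit 1
    # Client certificate signed by the intermediate.
    newreq client "/CN=demo-client" || exit 1
    openssl x509 -req -in client.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -days 2 -out client.pem 2>/dev/null || exit 1

    # Report whether the client certificate chains to a self-signed root
    # using only the certificates in the given CA file.
    verify() { openssl verify -CAfile "$1" client.pem >/dev/null 2>&1 && echo ok || echo fail; }

    # The bundle from the thread: intermediate and root in a single PEM file.
    cat int.pem root.pem > ca-bundle.pem
    echo "intermediate-only=$(verify int.pem) bundle=$(verify ca-bundle.pem)"
)

check_ca_bundle   # -> intermediate-only=fail bundle=ok
```

Running the same `openssl verify -CAfile` command against a real bundle and a real client certificate shows whether the bundle contains every CA needed to reach the root.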

________________________________
From: Mark Thomas <ma...@apache.org>
Sent: Tuesday, June 25, 2019 12:41 PM
To: users@tomcat.apache.org
Subject: Re: OCSP Connector on Tomcat 8.5 not working

On 25/06/2019 20:22, Michael Magnuson wrote:
>
>
> Mark, thanks for the further clarification.  With that setup, it prompts for 
> the smart card PIN and you can select your certificate, but then nothing 
> happens.  The only way I can get it to successfully open the page is if I 
> also add the attributes trustStoreFile= and trustStorePass= but still no OCSP 
> action.

Can you post your current configuration please?

Please also list the certificate(s) in each of the keystores / PEM files.

I'm wondering if the chain from the server to the CA is missing.

Mark
