Bug 249087
Summary: | How to read OCSPClient's output | ||
---|---|---|---|
Product: | Red Hat Certificate System | Reporter: | Issue Tracker <tao> |
Component: | OCSP Responder | Assignee: | Matthew Harmsen <mharmsen> |
Status: | CLOSED NOTABUG | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.2 | CC: | benl, jgalipea, tao |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-01-08 19:19:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Issue Tracker
2007-07-20 20:13:13 UTC
I am using OCSPClient to submit OCSP request. The output is DER encoding. I try to use openssl to look at and got a error message. Questions: 01) What is correct command/utility to look at DER encoding? 02) What is following error message mean when I use opensll to decoding it? # openssl ocsp -respin t2 -text . . . Response Verify Failure 32357:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:self signed certificate in certificate chain This event sent from IssueTracker by mrhodes [SEG - Certificate System Engineering] issue 127035 Issue Registered (Severity: 3) File uploaded:OCSPClient-output.der This event sent from IssueTracker by mrhodes [SEG - Certificate System Engineering] issue 127035 it_file 96840 Hello, It appears that openssl is complaining about the self signed certificate. You need to use a vaild certificate (-CAfile file, -CApath pathname) or the -noverify option. If this does not answer your question please let me know. --Colin Devine Internal Status set to 'Waiting on Customer' Status set to: Waiting on Client This event sent from IssueTracker by mrhodes [SEG - Certificate System Engineering] issue 127035 hi Colin, Thanks for your information. I try -CAfile option this time. I got "response contains no revocation data" # openssl ocsp -CAfile /root/AOL-ROOT-CA.cert -respin t2 -text . . . Response Verify Failure 32403:error:2706B06F:OCSP routines:OCSP_CHECK_IDS:response contains no revocation data:ocsp_vfy.c:265: 32403:error:2706B06F:OCSP routines:OCSP_CHECK_IDS:response contains no revocation data:ocsp_vfy.c:265: Internal Status set to 'Waiting on Support' Status set to: Waiting on Tech This event sent from IssueTracker by mrhodes [SEG - Certificate System Engineering] issue 127035 0 30 3316: SEQUENCE { 4 0A 1: ENUMERATED CRYPT_MODE_NONE (0) 7 A0 3309: [0] { 11 30 3305: SEQUENCE { 15 06 9: OBJECT IDENTIFIER '1 3 6 1 5 5 7 48 1 1' 26 04 3290: OCTET STRING : 30 82 0C D6 30 50 A0 03 02 01 00 A1 36 30 34 31 : 0F 30 0D 06 03 55 04 0A 13 06 41 4F 4C 50 4B 49 : 31 21 30 1F 06 03 55 04 03 13 18 4F 43 53 50 20 : 53 69 67 6E 69 6E 67 20 43 65 72 74 69 66 69 63 : 61 74 65 18 0F 32 30 30 37 30 37 31 39 31 35 31 : 38 32 37 5A 30 00 30 0D 06 09 2A 86 48 86 F7 0D : 01 01 05 05 00 03 82 01 01 00 25 DB 4A EC 0D FC : C0 B2 76 36 1D 55 19 A9 45 7E 45 D8 2E 4A B6 C8 : [ Another 3162 bytes skipped ] : } : } : } 0 warnings, 0 errors. This event sent from IssueTracker by mrhodes [SEG - Certificate System Engineering] issue 127035 0 30 3316: SEQUENCE { 4 0A 1: ENUMERATED CRYPT_MODE_NONE (0) 7 A0 3309: [0] { 11 30 3305: SEQUENCE { 15 06 9: OBJECT IDENTIFIER '1 3 6 1 5 5 7 48 1 1' 26 04 3290: OCTET STRING, encapsulates { 30 30 3286: SEQUENCE { 34 30 80: SEQUENCE { 36 A0 3: [0] { 38 02 1: INTEGER 0 : } 41 A1 54: [1] { 43 30 52: SEQUENCE { 45 31 15: SET { 47 30 13: SEQUENCE { 49 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 54 13 6: PrintableString 'AOLPKI' : } : } 62 31 33: SET { 64 30 31: SEQUENCE { 66 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 71 13 24: PrintableString 'OCSP Signing Certificate' : } : } : } : } 97 18 15: GeneralizedTime '20070719151827Z' 114 30 0: SEQUENCE {} : } 116 30 13: SEQUENCE { 118 06 9: OBJECT IDENTIFIER : sha1withRSAEncryption (1 2 840 113549 1 1 5) 129 05 0: NULL : } 131 03 257: BIT STRING 0 unused bits : 25 DB 4A EC 0D FC C0 B2 76 36 1D 55 19 A9 45 7E : 45 D8 2E 4A B6 C8 12 3F C5 83 1E 41 6B 7E 98 40 : 2E B5 5B 6D 1F 67 D8 DE 9C 6C A6 3C 77 FE BB 43 : 88 E1 4F A1 BC 8C 22 AD 7B 8E 09 C6 05 23 CD F8 : E3 9C E2 6C D8 BE 6D CC E5 93 C7 C5 75 3B D1 72 : 46 C3 3F 1D B1 53 12 3A 1E 79 2C 18 FA 16 67 6A : A7 B1 80 84 B2 D3 B3 5F 15 14 42 37 3C 9D F9 F0 : 18 F0 79 D8 64 FB 17 96 6E FF 57 AD 7F A0 E0 22 : [ Another 128 bytes skipped ] 392 A0 2924: [0] { 396 30 2920: SEQUENCE { 400 30 948: SEQUENCE { 404 30 668: SEQUENCE { 408 A0 3: [0] { 410 02 1: INTEGER 2 : } 413 02 4: INTEGER 20000028 419 30 13: SEQUENCE { 421 06 9: OBJECT IDENTIFIER : sha1withRSAEncryption (1 2 840 113549 1 1 5) 432 05 0: NULL : } 434 30 103: SEQUENCE { 436 31 11: SET { 438 30 9: SEQUENCE { 440 06 3: OBJECT IDENTIFIER countryName (2 5 4 6) 445 13 2: PrintableString 'US' : } : } 449 31 17: SET { 451 30 15: SEQUENCE { 453 06 3: OBJECT IDENTIFIER : stateOrProvinceName (2 5 4 8) 458 13 8: PrintableString 'Virginia' : } : } 468 31 15: SET { 470 30 13: SEQUENCE { 472 06 3: OBJECT IDENTIFIER : localityName (2 5 4 7) 477 13 6: PrintableString 'Dulles' : } : } 485 31 28: SET { 487 30 26: SEQUENCE { 489 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 494 13 19: PrintableString 'America Online Inc.' : } : } 515 31 22: SET { 517 30 20: SEQUENCE { 519 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 524 13 13: PrintableString 'AOL Member CA' : } : } : } 539 30 30: SEQUENCE { 541 17 13: UTCTime '070524170005Z' 556 17 13: UTCTime '090513170005Z' : } 571 30 52: SEQUENCE { 573 31 15: SET { 575 30 13: SEQUENCE { 577 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 582 13 6: PrintableString 'AOLPKI' : } : } 590 31 33: SET { 592 30 31: SEQUENCE { 594 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 599 13 24: PrintableString 'OCSP Signing Certificate' : } : } : } 625 30 290: SEQUENCE { 629 30 13: SEQUENCE { 631 06 9: OBJECT IDENTIFIER : rsaEncryption (1 2 840 113549 1 1 1) 642 05 0: NULL : } 644 03 271: BIT STRING 0 unused bits : 30 82 01 0A 02 82 01 01 00 CA 74 99 4B 23 DF 51 : 91 1B 1B DB 60 B3 5B BA A3 91 1C 3D 3E 3C F7 C0 : 3D B6 D5 D3 03 7B D9 20 9A 68 77 EE 3F B4 10 96 : 09 07 82 5C 62 25 5E 44 DF 45 34 90 4C D0 A7 09 : AA B8 18 AC 8E 68 C4 C9 C2 77 22 CD A2 A5 D4 7D : 5F 64 9B B5 96 12 E7 75 40 11 CF BA F7 37 FC 2E : 5C E5 FE 43 D5 5A AD EA 17 3E A7 B3 D8 4D 77 F1 : F3 FC 2F 5A 9F CC 29 3B 9C 49 68 F3 89 BB 17 D7 : [ Another 142 bytes skipped ] : } 919 A3 154: [3] { 922 30 151: SEQUENCE { 925 30 31: SEQUENCE { 927 06 3: OBJECT IDENTIFIER : authorityKeyIdentifier (2 5 29 35) 932 04 24: OCTET STRING, encapsulates { 934 30 22: SEQUENCE { 936 80 20: [0] : 29 FC 55 0D DE 74 46 03 17 D9 F6 28 FF 11 68 FE : EB 4C 00 1C : } : } : } 958 30 78: SEQUENCE { 960 06 8: OBJECT IDENTIFIER : authorityInfoAccess (1 3 6 1 5 5 7 1 1) 970 04 66: OCTET STRING, encapsulates { 972 30 64: SEQUENCE { 974 30 62: SEQUENCE { 976 06 8: OBJECT IDENTIFIER : ocsp (1 3 6 1 5 5 7 48 1) 986 86 50: [6] : 'http://ca-da.epki.sstest.office.aol.com:80/ca/oc' : 'sp' : } : } : } : } 1038 30 19: SEQUENCE { 1040 06 3: OBJECT IDENTIFIER : extKeyUsage (2 5 29 37) 1045 04 12: OCTET STRING, encapsulates { 1047 30 10: SEQUENCE { 1049 06 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 3 9' : } : } : } 1059 30 15: SEQUENCE { 1061 06 9: OBJECT IDENTIFIER '1 3 6 1 5 5 7 48 1 5' 1072 04 2: OCTET STRING : 05 00 : } : } : } : } 1076 30 13: SEQUENCE { 1078 06 9: OBJECT IDENTIFIER : sha1withRSAEncryption (1 2 840 113549 1 1 5) 1089 05 0: NULL : } 1091 03 257: BIT STRING 0 unused bits : 2B D4 BA A0 F2 6D 4B F3 3E 53 25 45 7A 55 F2 71 : A1 4F C7 B9 8A BB E9 6B D7 57 2E B4 46 B3 51 AF : 44 F3 63 0E 9F A8 B1 90 F0 8B 99 5E 0E D6 BE 6E : 75 84 FE 67 D4 5B 7E EE 63 0E 4F B8 42 97 4C 02 : 5E E8 18 98 BD BA 57 5C F1 49 88 97 FA 03 48 8C : F9 17 06 5C 95 D7 AF F7 43 01 C6 61 45 75 55 EE : 12 7E FD 52 DB C5 73 9E CF 5E 02 01 45 10 EC 36 : D9 18 6C BE 71 2E 35 30 54 5E 32 F2 AE 11 54 6D : [ Another 128 bytes skipped ] : } 1352 30 991: SEQUENCE { 1356 30 711: SEQUENCE { 1360 A0 3: [0] { 1362 02 1: INTEGER 2 : } 1365 02 1: INTEGER 6 1368 30 13: SEQUENCE { 1370 06 9: OBJECT IDENTIFIER : md5withRSAEncryption (1 2 840 113549 1 1 4) 1381 05 0: NULL : } 1383 30 108: SEQUENCE { 1385 31 11: SET { 1387 30 9: SEQUENCE { 1389 06 3: OBJECT IDENTIFIER countryName (2 5 4 6) 1394 13 2: PrintableString 'US' : } : } 1398 31 28: SET { 1400 30 26: SEQUENCE { 1402 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 1407 13 19: PrintableString 'America Online Inc.' : } : } 1428 31 63: SET { 1430 30 61: SEQUENCE { 1432 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1437 13 54: PrintableString : 'SysSecTest America Online Root Certificate Autho' : 'rity 1' : } : } : } 1493 30 30: SEQUENCE { 1495 17 13: UTCTime '041101195942Z' 1510 17 13: UTCTime '371024195942Z' : } 1525 30 103: SEQUENCE { 1527 31 11: SET { 1529 30 9: SEQUENCE { 1531 06 3: OBJECT IDENTIFIER countryName (2 5 4 6) 1536 13 2: PrintableString 'US' : } : } 1540 31 17: SET { 1542 30 15: SEQUENCE { 1544 06 3: OBJECT IDENTIFIER : stateOrProvinceName (2 5 4 8) 1549 13 8: PrintableString 'Virginia' : } : } 1559 31 15: SET { 1561 30 13: SEQUENCE { 1563 06 3: OBJECT IDENTIFIER : localityName (2 5 4 7) 1568 13 6: PrintableString 'Dulles' : } : } 1576 31 28: SET { 1578 30 26: SEQUENCE { 1580 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 1585 13 19: PrintableString 'America Online Inc.' : } : } 1606 31 22: SET { 1608 30 20: SEQUENCE { 1610 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1615 13 13: PrintableString 'AOL Member CA' : } : } : } 1630 30 290: SEQUENCE { 1634 30 13: SEQUENCE { 1636 06 9: OBJECT IDENTIFIER : rsaEncryption (1 2 840 113549 1 1 1) 1647 05 0: NULL : } 1649 03 271: BIT STRING 0 unused bits : 30 82 01 0A 02 82 01 01 00 C3 A7 E1 9C 26 99 F1 : 73 C3 3D BD C7 9F 15 5B 27 F5 2F 28 32 7C EE 57 : B3 0E E0 70 D1 4B C0 B2 0B 3E 2F 4B 42 94 B8 5E : 10 3C 27 27 D4 BA 88 20 42 AC A0 FB 48 79 84 A7 : 28 5C 1C 62 EB A2 F9 AE 6F 0F A5 61 F2 72 4E E8 : 1B 9E 11 A9 E1 63 18 B2 86 E4 7A 37 DE 92 29 3C : 30 DE DD A4 F2 9E E9 BD D3 24 1A 70 F3 11 BC 9D : E5 C7 82 33 D0 A9 3F E8 EC 87 7D 1B C7 95 CB A9 : [ Another 142 bytes skipped ] : } 1924 A3 144: [3] { 1927 30 141: SEQUENCE { 1930 30 29: SEQUENCE { 1932 06 3: OBJECT IDENTIFIER : subjectKeyIdentifier (2 5 29 14) 1937 04 22: OCTET STRING : 04 14 29 FC 55 0D DE 74 46 03 17 D9 F6 28 FF 11 : 68 FE EB 4C 00 1C : } 1961 30 14: SEQUENCE { 1963 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1968 01 1: BOOLEAN TRUE 1971 04 4: OCTET STRING, encapsulates { 1973 03 2: BIT STRING 1 unused bits : '1100001'B : } : } 1977 30 17: SEQUENCE { 1979 06 9: OBJECT IDENTIFIER : netscape-cert-type (2 16 840 1 113730 1 1) 1990 04 4: OCTET STRING, encapsulates { 1992 03 2: BIT STRING 6 unused bits : '11'B : } : } 1996 30 31: SEQUENCE { 1998 06 3: OBJECT IDENTIFIER : authorityKeyIdentifier (2 5 29 35) 2003 04 24: OCTET STRING, encapsulates { 2005 30 22: SEQUENCE { 2007 80 20: [0] : 8D 30 5D 2A 42 AD 7A 3E 5E 8F 0D 0D 87 C1 EA 9E : A4 A7 3B 2D : } : } : } 2029 30 15: SEQUENCE { 2031 06 3: OBJECT IDENTIFIER : basicConstraints (2 5 29 19) 2036 01 1: BOOLEAN TRUE 2039 04 5: OCTET STRING, encapsulates { 2041 30 3: SEQUENCE { 2043 01 1: BOOLEAN TRUE : } : } : } 2046 30 23: SEQUENCE { 2048 06 3: OBJECT IDENTIFIER : subjectAltName (2 5 29 17) 2053 04 16: OCTET STRING, encapsulates { 2055 30 14: SEQUENCE { 2057 81 12: [1] 'fluo' : } : } : } : } : } : } 2071 30 13: SEQUENCE { 2073 06 9: OBJECT IDENTIFIER : md5withRSAEncryption (1 2 840 113549 1 1 4) 2084 05 0: NULL : } 2086 03 257: BIT STRING 0 unused bits : 0C 40 4F 19 D9 D8 F8 4F 95 4A 6D 0C C5 5C 50 B5 : 8D 66 CF 5E 8A BD 38 DD FD A5 BC 6E 2C FB 14 E1 : EB C6 B9 04 A0 B2 32 21 C1 03 67 53 51 07 47 2C : 55 1D E9 77 9C AB 6C 06 FA 46 76 6A 75 2A 51 41 : 17 1E 98 DE 4F B5 BC 7D 3E 92 B0 D1 71 90 98 FA : 7E 80 52 2A B5 20 0E F3 D7 25 05 5D 98 73 E6 8E : 68 FB 6D E4 C9 BE AC 32 0F 6E 06 46 B0 FB 83 B4 : 17 06 9D EF 6F 41 30 1D A9 7F 46 58 7F 83 7C 02 : [ Another 128 bytes skipped ] : } 2347 30 969: SEQUENCE { 2351 30 689: SEQUENCE { 2355 A0 3: [0] { 2357 02 1: INTEGER 2 : } 2360 02 1: INTEGER 1 2363 30 13: SEQUENCE { 2365 06 9: OBJECT IDENTIFIER : sha1withRSAEncryption (1 2 840 113549 1 1 5) 2376 05 0: NULL : } 2378 30 108: SEQUENCE { 2380 31 11: SET { 2382 30 9: SEQUENCE { 2384 06 3: OBJECT IDENTIFIER countryName (2 5 4 6) 2389 13 2: PrintableString 'US' : } : } 2393 31 28: SET { 2395 30 26: SEQUENCE { 2397 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 2402 13 19: PrintableString 'America Online Inc.' : } : } 2423 31 63: SET { 2425 30 61: SEQUENCE { 2427 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2432 13 54: PrintableString : 'SysSecTest America Online Root Certificate Autho' : 'rity 1' : } : } : } 2488 30 30: SEQUENCE { 2490 17 13: UTCTime '041026040000Z' 2505 17 13: UTCTime '371026050000Z' : } 2520 30 108: SEQUENCE { 2522 31 11: SET { 2524 30 9: SEQUENCE { 2526 06 3: OBJECT IDENTIFIER countryName (2 5 4 6) 2531 13 2: PrintableString 'US' : } : } 2535 31 28: SET { 2537 30 26: SEQUENCE { 2539 06 3: OBJECT IDENTIFIER : organizationName (2 5 4 10) 2544 13 19: PrintableString 'America Online Inc.' : } : } 2565 31 63: SET { 2567 30 61: SEQUENCE { 2569 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2574 13 54: PrintableString : 'SysSecTest America Online Root Certificate Autho' : 'rity 1' : } : } : } 2630 30 290: SEQUENCE { 2634 30 13: SEQUENCE { 2636 06 9: OBJECT IDENTIFIER : rsaEncryption (1 2 840 113549 1 1 1) 2647 05 0: NULL : } 2649 03 271: BIT STRING 0 unused bits : 30 82 01 0A 02 82 01 01 00 B2 D3 6D 71 72 D3 35 : F0 6F 45 07 88 70 95 33 27 DD D0 79 9B D7 87 13 : 04 33 19 1B 88 77 82 7C 25 74 B4 E4 24 2F 38 B1 : 23 E3 CB BC EE E1 1A AE E1 44 1B AB F2 D4 3D 5F : B1 B8 6F 62 21 C1 96 F7 AE FB D9 59 A1 16 68 CD : 29 58 B2 85 E3 73 44 DF 96 C6 8A 74 4E 75 78 6B : 03 22 17 37 93 5B 37 E0 85 00 64 B3 6E F0 5D 14 : 25 EC 53 E3 38 43 0F B2 E2 92 27 52 F1 FD 9F B4 : [ Another 142 bytes skipped ] : } 2924 A3 118: [3] { 2926 30 116: SEQUENCE { 2928 30 17: SEQUENCE { 2930 06 9: OBJECT IDENTIFIER : netscape-cert-type (2 16 840 1 113730 1 1) 2941 04 4: OCTET STRING, encapsulates { 2943 03 2: BIT STRING 0 unused bits : '11100000'B : } : } 2947 30 15: SEQUENCE { 2949 06 3: OBJECT IDENTIFIER : basicConstraints (2 5 29 19) 2954 01 1: BOOLEAN TRUE 2957 04 5: OCTET STRING, encapsulates { 2959 30 3: SEQUENCE { 2961 01 1: BOOLEAN TRUE : } : } : } 2964 30 29: SEQUENCE { 2966 06 3: OBJECT IDENTIFIER : subjectKeyIdentifier (2 5 29 14) 2971 04 22: OCTET STRING : 04 14 8D 30 5D 2A 42 AD 7A 3E 5E 8F 0D 0D 87 C1 : EA 9E A4 A7 3B 2D : } 2995 30 31: SEQUENCE { 2997 06 3: OBJECT IDENTIFIER : authorityKeyIdentifier (2 5 29 35) 3002 04 24: OCTET STRING, encapsulates { 3004 30 22: SEQUENCE { 3006 80 20: [0] : 8D 30 5D 2A 42 AD 7A 3E 5E 8F 0D 0D 87 C1 EA 9E : A4 A7 3B 2D : } : } : } 3028 30 14: SEQUENCE { 3030 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 3035 01 1: BOOLEAN TRUE 3038 04 4: OCTET STRING, encapsulates { 3040 03 2: BIT STRING 1 unused bits : '1100001'B : } : } : } : } : } 3044 30 13: SEQUENCE { 3046 06 9: OBJECT IDENTIFIER : sha1withRSAEncryption (1 2 840 113549 1 1 5) 3057 05 0: NULL : } 3059 03 257: BIT STRING 0 unused bits : 22 50 7D 5E 15 74 99 1D 58 6F 99 25 95 54 D7 26 : B5 E9 E1 DF 03 66 42 6B 2A 41 60 C2 8E 25 84 50 : 40 A9 6C 77 59 A8 6F A7 81 72 B3 03 33 AC 6D 59 : 40 74 29 B8 9C 76 51 EC C0 80 09 86 BD 79 00 51 : 2B 3F A3 FF BC 4F 43 F0 4D 65 B6 18 E0 AD 70 0F : BA DD 0E 86 85 47 5B 93 A7 36 63 20 74 88 87 B3 : BF 98 EB BE A8 87 35 64 50 CD 78 3C DB 7D 15 13 : 39 87 F9 8A 32 BF 6D A6 EE 53 08 1A 52 1D E8 A1 : [ Another 128 bytes skipped ] : } : } : } : } : } : } : } : } 0 warnings, 0 errors. This event sent from IssueTracker by mrhodes [SEG - Certificate System Engineering] issue 127035 We found that the OCSP response supplied by the customer does not contain any certificate status from the OCSP responder. We believe that the customer did not use the correct CA certificate when generating the OCSP request. We may want to know who generate the OCSP response. The response can be from the built-in service of a CA, or it can be from a standard OCSP responder. In either case, the CA that issues the certificate of which the serial number is being checked must be identified correctly in the OCSP request. If the customer is using our OCSPClient application, there is an option to specify a CA certificate. User nkwan's account has been closed |