Menu
▾
▴
Re: [Ejbca-develop] EJBCA ocsp verification error
|
From: Randy Yu <yu...@ec...> - 2014-09-09 15:04:30
|
Thanks Branko. The error differs when using OpenSSL ocsp command: 22:47:24,929 INFO [org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (http--0.0.0.0-8080-3) Received OCSP request for certificate with serNo: 4391e01e01561076, and issuerNameHash: 1381ab5168453c9d28d2288f76020542ac6f556c. Client ip a.a.a.a. 22:47:24,945 INFO [org.cesecore.certificates.ocsp.OcspResponseGeneratorSessionBean] (http--0.0.0.0-8080-3) Unable to find CA certificate by issuer name hash: 1381ab5168453c9d28d2288f76020542ac6f556c, using the default responder to send 'UnknownStatus'. This occurs even if I provide the subca.pem with the -issuer switch. -----Original Message----- From: Branko Majic [mailto:br...@ma...] Sent: September-08-14 1:26 PM To: ejb...@li... Subject: Re: [Ejbca-develop] EJBCA ocsp verification error On September 8, 2014 6:43:43 PM CEST, Randy Yu <yu...@ec...> wrote: >Here is the ocsp request from OpenSSL in base64 format. I'm not sure >how to achieve the same thing with CertUtil as I don't see an option >like OpenSSL has -reqout switch. > >Thanks. > Hm... Do you get the same error when using the OpenSSL ocsp tool? That is a tool that I commonly use for testing our installations, and it usually works flawlessly (both EJBCA and the tool). -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
