Re: [Ejbca-develop] Missing OCSP Url in Certificate

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ronald Osure wrote:
> I have successfully setup EJBCA on two boxes to serve the functions of both CA
> and OCSP on separate servers. The OCSP server answers correctly for
> certificates issued from the CA server.
> 
> My problem is that when I execute the below command to try and establish if an
> issued certificate has na OCSP Url, none is printed out and I believe it
> should be part of the certificate.
> 
> openssl x509 -noout -ocsp_uri -in TestUser.pem
> 
> What could I have missed in the configuration?

OCSP responder URLs are configured in the certificate profile.

For better flexibility with HA setup of external OCSP responders I would *not*
use the automatically generated URLs.

Ciao, Michael.