[Libpki-users] I am unable to send OCSP request to ejbca CA
From: pradeep r. <pra...@gm...> - 2011-02-25 15:53:30
Hi Max,

Below is the code I coded to send the OCSP request, but ejbca is not receiving
the request. Can you point out anything I missed?
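/* cacert, digest, pkey, outbio, curr_req, buf_mem, pki_mem, mime,
   ocsprespmem and ssl are declared elsewhere (not shown in the post). */

/* Load the certificate whose status is being checked. */
PKI_X509_CERT *certtochk = PKI_X509_CERT_get("cert.pem", NULL, NULL);

/* Build the request: add the certificate ID and a nonce, then sign it. */
PKI_X509_OCSP_REQ *ocspreq = NULL;
ocspreq = PKI_X509_OCSP_REQ_new();
PKI_X509_OCSP_REQ_add_cert(ocspreq, certtochk, cacert, digest);
PKI_X509_OCSP_REQ_add_nonce(ocspreq, 0);
PKI_X509_OCSP_REQ_sign(ocspreq, pkey, certtochk, cacert, NULL, digest);
OCSP_REQUEST_print(outbio, ocspreq->value, 0);

char* urlStr = "http://192.168.0.1:8080/ejbca/publicweb/status/ocsp";

/* Put the request on a stack and read it back. */
PKI_X509_OCSP_REQ_STACK *sk = NULL;
if(( sk = PKI_STACK_OCSP_REQ_new()) == NULL ) return (PKI_ERR);
PKI_STACK_OCSP_REQ_push( sk, ocspreq );

/* DER-encode the request into a memory BIO and copy it into pki_mem. */
BIO *membio = BIO_new(BIO_s_mem());
curr_req= PKI_STACK_OCSP_REQ_get_num( sk, 0 );
i2d_OCSP_REQUEST_bio( membio,(OCSP_REQUEST *) curr_req->value );
BIO_get_mem_ptr(membio, &buf_mem);
PKI_MEM_add( pki_mem, buf_mem->data, (size_t) buf_mem->length );

/* Send the encoded request to the responder URL; the reply goes to ocsprespmem. */
URL *url = NULL;
url = URL_new (urlStr);
URL_put_data_url ( url, pki_mem, (char *) mime, &ocsprespmem, 60, 0, ssl);

/* Dump pki_mem (the encoded request buffer). */
PKI_MEM_printf(pki_mem);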

Here is the request print; it seems fine to me. From the debug prints, it seems
the connection with the server is successful.

OCSP Request Data:
    Version: 1 (0x0)
    Requestor Name: DirName: CN = scepclient.com, O = Corporation, ST = CA, C = US
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 4145F8A5CCF07E01EBF1D22D40A1E29392B1E02E
          Issuer Key Hash: FE537B40381C97926B154ED8E9288BDF47B422AA
          Serial Number: 4C3BB2CF27678EE8
    Request Extensions:
        OCSP Nonce:
            04107031089647AB3DF9168C3AEAC127C326
    Signature Algorithm: sha1WithRSAEncryption
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:3b:b2:cf:27:67:8e:e8
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=AdminCA1, O=EJBCA Sample, C=SE
        Validity
            Not Before: Feb 25 14:51:15 2011 GMT
            Not After : Feb 25 14:51:15 2012 GMT
        Subject: CN=scepclient.com, O=Corporation, ST=California, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:C1:65:36:29:FA:2A:18:64:30:58:DF:00:4E:60:0A:8A:95:D2:FB
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:FE:53:7B:40:38:1C:97:92:6B:15:4E:D8:E9:28:8B:DF:47:B4:22:AA
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                DNS:scepclient.com
    Signature Algorithm: sha1WithRSAEncryption

Feb 25 15:31:31 2011 GMT [17051] INFO: [net/pki_socket.c:123]::DEBUG::Creating a simple connection
Feb 25 15:31:31 2011 GMT [17051] INFO: [net/sock.c:322]::DEBUG::Connection Successful to 192.168.0.1:8080
Feb 25 15:31:31 2011 GMT [17051] INFO: [net/sock.c:498]::DEBUG::Read 1024 bytes from socket
Feb 25 15:31:31 2011 GMT [17051] INFO: [net/sock.c:498]::DEBUG::Read 539 bytes from socket
Feb 25 15:31:31 2011 GMT [17051] INFO: [net/http_s.c:227]::DEBUG::HTTP DATA => size (349->1214)
---------------------------------------
I ran it with openssl, which ran successfully:

> openssl ocsp -issuer AdminCA1.cacert.pem -CAfile AdminCA1.cacert.pem -cert cert.pem -req_text -url http://192.168.0.1:8080/ejbca/publicweb/status/ocsp
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 4145F8A5CCF07E01EBF1D22D40A1E29392B1E02E
          Issuer Key Hash: FE537B40381C97926B154ED8E9288BDF47B422AA
          Serial Number: 4C3BB2CF27678EE8
    Request Extensions:
        OCSP Nonce:
            0410F4EA2A76F9CEBA624EF13A75A2F25792
Response verify OK
cert.pem: good
        This Update: Feb 25 15:43:17 2011 GMT
localhost src #
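
Added example (not part of the original post and not libpki code): the debug log above records bytes read back from the socket, and one way to see what a responder answered is to split the HTTP reply and decode the responseStatus field of the OCSPResponse defined in RFC 6960. The function names and SAMPLE_REPLY are hypothetical and constructed for this illustration; the parser uses no PKI library and assumes a reply with a plain (non-chunked) body.

```c
#include <stdio.h>
#include <string.h>
/* RFC 6960 OCSPResponseStatus names; value 4 is not used. */
static const char *const OCSP_STATUS[] = {
    "successful", "malformedRequest", "internalError", "tryLater",
    "(unused)", "sigRequired", "unauthorized" };

/* Constructed sample reply: the body is the 5-byte OCSPResponse "unauthorized". */
static const unsigned char SAMPLE_REPLY[] =
    "HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\n\r\n"
    "\x30\x03\x0a\x01\x06";

/* Read one tag+length header; returns the header size, or 0 on error. */
static size_t der_header(const unsigned char *p, size_t n,
                         unsigned char *tag, size_t *len) {
    size_t i, nbytes;
    if (n < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return 2; }      /* short form */
    nbytes = p[1] & 0x7f;                            /* long form */
    if (nbytes == 0 || nbytes > sizeof(size_t) || n < 2 + nbytes) return 0;
    for (*len = 0, i = 0; i < nbytes; i++) *len = (*len << 8) | p[2 + i];
    return 2 + nbytes;
}

/* OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, ... }; -1 on parse error. */
int ocsp_response_status(const unsigned char *der, size_t n) {
    unsigned char tag;
    size_t len, h = der_header(der, n, &tag, &len);
    if (h == 0 || tag != 0x30 || len > n - h) return -1;
    der += h; n = len;                               /* step into the SEQUENCE */
    h = der_header(der, n, &tag, &len);
    if (h == 0 || tag != 0x0a || len != 1 || n - h < 1) return -1;
    return der[h] <= 6 ? der[h] : -1;
}

/* Split a raw HTTP reply at the blank line; NULL when no OCSPResponse follows. */
const char *ocsp_status_from_http(const unsigned char *buf, size_t n) {
    size_t i; int st;
    for (i = 0; i + 4 <= n; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) break;
    if (i + 4 > n) return NULL;
    st = ocsp_response_status(buf + i + 4, n - i - 4);
    return st < 0 ? NULL : OCSP_STATUS[st];
}

int main(void) {
    const char *s = ocsp_status_from_http(SAMPLE_REPLY, sizeof SAMPLE_REPLY - 1);
    return puts(s ? s : "no OCSP response body") == EOF;
}
```

A status other than "successful" means the responder received the request and refused it, which is a different failure from the request never arriving.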