From: CpServiceSPb . <cps...@gm...> - 2016-08-02 21:09:35
|
What do I have to specify as default token at ocpsd.xml for multi ocspd fork from https://github.com/a157634/libpki & https://github.com/a157634/openca-ocspd ? I have RootCA, 2 Intermediate CAs issued by the Root, and servers/clients certificates issued by Intermediates ones. Each CAs has its own Ocsp cert/key pair. If I specify token with Ocsp issued by Root, when I check certificates issued by Intermediate CAs, I get error: [response.c:686] [DEBUG] CRL::CA [InterOcsp] nameHash mismatch (-153) [response.c:686] [DEBUG] CRL::CA [SrvVpnOcsp] nameHash mismatch (-5) [response.c:692] [DEBUG] CRL::CA [SrvW1COcsp] nameHash OK [response.c:707] [DEBUG] CRL::CA [SrvW1COcsp] issuerKeyHash OK I check server certificate issued by one of Intermediate CA, which is the last at alphabetical list. 2016-07-28 1:06 GMT+03:00 CpServiceSPb . <cps...@gm...>: > Is it 3.1.1. version or older ? > Does it really work ? > > 2016-07-27 17:09 GMT+03:00 Martin Hecht <he...@hl...>: > >> Ralf has posted two links to github about this question a few months ago >> on this list: >> https://sourceforge.net/p/openca/mailman/message/34452520 >> >> >> On 07/27/2016 12:02 PM, CpServiceSPb . wrote: >> > I have 1 Root CA, 3 different Intermediate CAs issued by the Root. >> > Each CA certificate as Root as Intermediates has its own Ocsp cet/key >> pair >> > to sign respondings. >> > I tried 3.1.1 version, but was failed. >> > >> > How is to set up such scheme and get it working ? >> > >> >> >> >> > |