Hi,

I am having problems getting Firefox 2.0.0.8 to send requests to the OCSP
responder listed in the Authority Info Access (AIA) extension within the
certificates.  I am sure it is something fairly simple.

On Firefox, I have enabled OCSP under "Edit"->"Preferences", the "Advanced"
tab, "Encryption" tab,  "Verification" window.  I selected the radio button
"Use OCSP to validate only certificates that specify an OCSP service URL".

I have an HTTPS server that is sending a certificate that has the AIA
extension.  When I try to set up the connection, I get the usual certificate
warnings and if I examine the server's certificate, I see it does have the
AIA extension.  The AIA lists three OCSP responders:
Not Critical
OCSP: URI: http://server1:9000
OCSP: URI: http://server2:9000
OCSP: URI: http://server3:9000

When I check the OCSP responder, I don't see any logs indicating it received
an OCSP request from the host that I am running Firefox on.

I know the OCSP responder is working because it responds to requests from
the same host using openssl ocsp from the command line.  The openssl ocsp
command is:
openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/cert.pem -text -CAfile /tmp/cacert.pem -url http://server1:9000

I have been trying different things over the past couple of days without
much success.  I did some Google searches without finding much.  I had a
quick look at the source code and it looks like OCSP support is there.

Any ideas why this isn't working for me?  Any suggestions of things to try
because I am out of ideas?

Bruce
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
