Hi, I am having problems getting firefox 2.0.0.8 to send requests to the OCSP responder listed in the Authority Info Access (AIA) extenstion within the certificates. I am sure it is something fairly simple.
On Firefox, I have enabled OCSP under "Edit"->"Preferences", the "Advanced" tab, "Encryption" tab, "Verification" window. I selected the radio button "Use OCSP to validate only certificates that specify an OCSP service URL". I have an HTTPS server that is sending a certificate that has the AIA extension. When I try and setup the connection, I get the usual certificate warnings and if I examine the server's certificate, I see it does have the AIA extension. The AIA lists three OCSP responders: Not Critical OCSP: URI: http://server1:9000 OCSP: URI: http://server2:9000 OCSP: URI: http://server3:9000 When I check the OCSP responder, I don't see any logs indicating it received an OCSP request from the host that I am running firefox on. I know the OCSP responder is working because it responds to requests from the same host using openssl ocsp from the command line. The openssl ocsp command is: openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/cert.pem -text -CAfile /tmp/cacert.pem -url http://server1:9000 I have been trying different things over the past couple of days without much success. I did some google searches without finding much. I had a quick look at the source code and it looks like OCSP support is there. Any ideas why this isn't working for me? Any suggestions of things to try because I am out of ideas? Bruce _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
