Now I don't know much more, except as Nelson already mentioned that the CA root might not be installed in the browser. If the problem persist, an actual certificate and domain responder location etc is needed in order to get a better picture.
Bruce Keats wrote: > OK. > > There is nothing special about any of the S/W I am using. I am running > fedora core 7 with all the latest updates from the Fedora Project. > > The OCSP responder is the openca-ocspd. > > The certificates are pretty basic. They have SKID, AKID, AIA, CKU and EKU. > The EKU is for a TLS Server. > > Anything else? > > As I mentioned, I don't see any requests from firefox. > > Bruce > > > On 11/1/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote: > >> I can try to help you if you can provide some more details about the >> software you are using, examination of the certificate itself etc.You can >> send me mail also off-list if you feel more comfortable... >> >> -- >> Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org/> >> Jabber: [EMAIL PROTECTED] Blog: Join the >> Revolution!<http://blog.startcom.org/> >> Phone: +1.213.341.0390 >> >> Bruce Keats wrote: >> >> Hi, >> >> I am having problems getting firefox 2.0.0.8 to send requests to the OCSP >> responder listed in the Authority Info Access (AIA) extenstion within the >> certificates. I am sure it is something fairly simple. >> >> On Firefox, I have enabled OCSP under "Edit"->"Preferences", the "Advanced" >> tab, "Encryption" tab, "Verification" window. I selected the radio button >> "Use OCSP to validate only certificates that specify an OCSP service URL". >> >> I have an HTTPS server that is sending a certificate that has the AIA >> extension. When I try and setup the connection, I get the usual certificate >> warnings and if I examine the server's certificate, I see it does have the >> AIA extension. The AIA lists three OCSP responders: >> Not Critical >> OCSP: URI: http://server1:9000 >> OCSP: URI: http://server2:9000 >> OCSP: URI: http://server3:9000 >> >> When I check the OCSP responder, I don't see any logs indicating it received >> an OCSP request from the host that I am running firefox on. >> >> I know the OCSP responder is working because it responds to requests from >> the same host using openssl ocsp from the command line. The openssl ocsp >> command is: >> openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/cert.pem -text -CAfile >> /tmp/cacert.pem -url http://server1:9000 >> >> I have been trying different things over the past couple of days without >> much success. I did some google searches without finding much. I had a >> quick look at the source code and it looks like OCSP support is there. >> >> Any ideas why this isn't working for me? Any suggestions of things to try >> because I am out of ideas? >> >> Bruce >> >> >> >> >> > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
