Hi All,

I am building a certificate authority for local use. The goal is to have a CA 
to sign certificates for z/VM, z/VSE and Linux machines. I have the base CA 
available. I have tested this: I imported the public root certificate on my PC 
and indeed it is accepted for all certificates (such as z/VM SSL) in BlueZone 
sessions.

The next step is to look at CRL and OCSP. The CRL is made available on a 
web server on the CA. But I didn’t manage to get OCSP working. I can start 
the openssl ocsp responder but it doesn’t work. When I test a certificate in a 
local PuTTY session I get an “unknown” response; when I let BlueZone check the 
certificate it cannot connect to the OCSP responder. Port 8080 is used; it is 
opened in the firewall, so I would expect BlueZone would at least be able to 
connect to it.

My first question is what to do with OCSP? Do I really need OCSP for my 
purpose? I have found some mixed views on that. Some browsers have dropped CRL 
support but OTOH Chrome doesn’t use OCSP. So instead of investigating the 
issues with OCSP should I just drop it and do without OCSP?

And secondly, if I should set up OCSP, what might be the catch that prevents me 
from a successful validation?

FYI, I have used the steps in jamielinux for building the CA, found at 
https://jamielinux.com/docs/openssl-certificate-authority/.

Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen,
Berry van Sleeuwen
Flight Forum 3000 5657 EW Eindhoven
• +31 (0)6 22564276