Robert Hannemann wrote: > Thanks for your fast reply, > > i forgott to ask for the option > > [ ocsp_req ] > default_keyfile = key.pem
This was an option for the request generation but it is not used,
you can simply remove or ignore the option.
> till now i get the following log-messages
>
>
> Oct 15 08:36:05 lrz-ca ocspd[11484]: Spawned child process [11487]
[...]
> Oct 15 08:36:05 lrz-ca ocspd[11489]: Child exiting correctly (0)
>
> and Mozilla say�s:
>
> cannot verify certificate for unknown reasons:
I sometimes got the same answer from Mozilla but I still have to understand
why this happens... it could be a Mozilla's bug but it could be an ocspd
bug as well.
Try using the command:
$ ocsp -issuer cacert.pem -CAfile cacert.pem \
-host ocsp.dom.org:2560 -cert cert_to_verify.pem
if this succeed probably it is some settings in Mozilla or a trust path
problem...
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
