Michael Ströder wrote:
> 
> Rodney Thayer wrote:
> >
> > Verisign should have one.
> 
> There seems to be something running at http://ocsp.verisign.com (DNS
> alias for status.verisign.net). But I've found no description how to
> use it.
> 

The Verisign URL is mentioned in Netscape OCSP config:

http://ocsp.verisign.com/ocsp/status

This is one I've managed to get a reasonable reply out of. However, the
certificate is a little odd (invalid encoding of authorityInfoAccess),
its certificate is signed by the relevant root CA (which may not be the
issuing CA) and the responses appear non-standard. For example, if you
give it a certificate it doesn't understand, it comes back with an
"unauthorized" response or an HTTP error depending on what you do.

The Valicert one at:

http://ocsp2.valicert.net

which works with Thawte certs seems more compliant though.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
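
Added example (not part of the original message and not OpenSSL code): a Python classifier for the two failure modes the message describes, an OCSP-level "unauthorized" status versus an HTTP-level error. The function names and sample bytes are constructed for illustration; the status values follow the OCSPResponseStatus enumeration in RFC 2560.

```python
# Added illustration: classify an OCSP responder's reply from the HTTP status
# and the DER body. Status names follow RFC 2560 OCSPResponseStatus.
OCSP_STATUS = {
    0: "successful", 1: "malformedRequest", 2: "internalError",
    3: "tryLater", 5: "sigRequired", 6: "unauthorized",
}

def _read_tlv(buf, off):
    """Return (tag, value, next_offset) for one DER TLV starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def classify_reply(http_status, body):
    """Separate HTTP-level failures from OCSP-level error statuses."""
    if http_status != 200:
        return "http-error:%d" % http_status
    try:
        tag, seq, _ = _read_tlv(body, 0)   # OCSPResponse ::= SEQUENCE
        if tag != 0x30:
            raise ValueError("outer tag is not SEQUENCE")
        tag, val, nxt = _read_tlv(seq, 0)  # responseStatus ENUMERATED
        if tag != 0x0A or len(val) != 1:
            raise ValueError("responseStatus is not a 1-byte ENUMERATED")
    except ValueError as exc:
        return "not-ocsp:%s" % exc
    name = OCSP_STATUS.get(val[0], "unknown(%d)" % val[0])
    has_bytes = nxt < len(seq)             # [0] responseBytes present?
    if name == "successful" and not has_bytes:
        return "nonconformant:successful-without-responseBytes"
    return "ocsp:" + name

# Constructed sample replies (not captured from any real responder).
UNAUTHORIZED = bytes.fromhex("30030a0106")
SUCCESS_EMPTY = bytes.fromhex("30030a0100")
SUCCESS_WITH_BYTES = bytes.fromhex("30070a0100a0023000")
HTML_ERROR = b"<html>404 Not Found</html>"
```

A client that logs these categories separately can tell a responder that does not recognise the certificate's issuer from one that is simply unreachable or misconfigured.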
