On Thu, Jul 18, 2013, redpath wrote:

> *To recap I cleaned all the directories to assure nothing is wrong in them.*
> *I still get an unknown response.*
> These commands were run from a directory and produced the following output
> to set up the OpenSSL OCSP Server
>
> *The output of the server is*
>
> OCSP Request Data:
>     Version: 1 (0x0)
>     Requestor List:
>         Certificate ID:
>           Hash Algorithm: sha1
>           Issuer Name Hash: *D56D19422F523984CFB9477E7D39A8176AE3811C*
>           Issuer Key Hash: D3ADBBBB03E8FDA8102D0BB95DC221A37FE58595
>           Serial Number: *1000*
>     Request Extensions:
>         OCSP Nonce:
>             0410399CE9BDA5DD039B381C75092B7E3137
>
> I then run this command
>
> *openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text*
> OCSP Request Data:
>     Version: 1 (0x0)
>     Requestor List:
>         Certificate ID:
>           Hash Algorithm: sha1
>           Issuer Name Hash: *D56D19422F523984CFB9477E7D39A8176AE3811C*
>           Issuer Key Hash: 83551DA56838E8893B6BCDD70865A9F23167F4E0
>           Serial Number: *1000*
>     Request Extensions:
>         OCSP Nonce:
>             04107A6A2A916348D63165C7C18889AC06CC
>
>
> *openssl version*
> OpenSSL 1.0.1e 11 Feb 2013
>
> ***********I still get unknown as a response.********
>
As you can see above the issuer key hash is different. Whatever process you
are using to generate the OCSP request is broken.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
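The comparison made in the reply above, as an added example that is not part of the original thread: it parses the CertID section of two `openssl ocsp -text` dumps and reports which fields differ. The function names (`parse_certid`, `diff_certid`, `diagnose`) are hypothetical; the sample text is copied from the quoted message, and the reading of the result relies on RFC 6960, where the issuer name hash covers the issuer's DN and the issuer key hash covers the issuer's public key.

```python
import re

# Field labels as printed in the CertID section of `openssl ocsp -text`.
FIELDS = ("Hash Algorithm", "Issuer Name Hash", "Issuer Key Hash", "Serial Number")

# CertID sections copied from the two dumps quoted in the message above.
REQ_SEEN_BY_SERVER = """\
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: *D56D19422F523984CFB9477E7D39A8176AE3811C*
> Issuer Key Hash: D3ADBBBB03E8FDA8102D0BB95DC221A37FE58595
> Serial Number: *1000*
"""
REQ_FROM_CACERT = """\
> Certificate ID:
> Hash Algorithm: sha1
> Issuer Name Hash: *D56D19422F523984CFB9477E7D39A8176AE3811C*
> Issuer Key Hash: 83551DA56838E8893B6BCDD70865A9F23167F4E0
> Serial Number: *1000*
"""

def parse_certid(text):
    """Extract the CertID fields from `openssl ocsp -text` request output."""
    pattern = re.compile(r"(%s):\s*(\S+)" % "|".join(FIELDS))
    certid = {}
    for line in text.splitlines():
        # Drop mail quote markers and the *emphasis* asterisks from the post.
        line = line.lstrip("> ").replace("*", "").strip()
        m = pattern.match(line)
        if m:
            # Keep the first CertID only; normalise hex case for comparison.
            certid.setdefault(m.group(1), m.group(2).upper())
    return certid

def diff_certid(a, b):
    """Return the CertID fields whose values differ between two requests."""
    return [f for f in FIELDS if a.get(f) != b.get(f)]

def diagnose(a, b):
    changed = diff_certid(a, b)
    if not changed:
        return "CertIDs match"
    if changed == ["Issuer Key Hash"]:
        return "same issuer name, but a different issuer public key was hashed"
    return "CertIDs differ in: " + ", ".join(changed)

if __name__ == "__main__":
    print(diagnose(parse_certid(REQ_SEEN_BY_SERVER), parse_certid(REQ_FROM_CACERT)))
```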