error:unable to get local issuer certificate)
Date: Fri, 16 Jul 2010 14:27:05 -0400
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
snip
besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
directive? Shouldnt the mod_ssl code discover
error:unable to get local issuer certificate)
Date: Fri, 16 Jul 2010 14:27:05 -0400
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
snip
besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
directive? Shouldnt the mod_ssl code
Date: Thu, 15 Jul 2010 18:15:32 +0200
From: st...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify error:unable
to get local issuer certificate)
On Thu, Jul 15, 2010, Luis Neves wrote:
some progress:
openssl ocsp
On Fri, Jul 16, 2010, Luis Neves wrote:
Ok, using your tip I confirmed that CA certificate is the CC0003.pem
Ive include it at the end of ca-bundle.crt, pem encoded like the others on
this file and used it as
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
2010 13:18:16 +0200
From: st...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify
error:unable to get local issuer certificate)
On Fri, Jul 16, 2010, Luis Neves wrote:
Ok, using your tip I confirmed that CA certificate
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
snip
besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
directive? Shouldnt the mod_ssl code discover automatically the responder
address from the client certificate itself??
From your
Hi,
Can someone help me on this error?
Im using apache 2.3 and trying to configure OCSP to validate client
cerificates, but Is not working, and theres this errors on apache error_log:
It seems that Apache is not trusting the OCSP responder response, is that true?
Why not?. what I am doing
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
/home/oracle/lneves.pem -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text
gives this response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type:
On Thu, Jul 15, 2010, Luis Neves wrote:
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
/home/oracle/lneves.pem -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text
gives this response:
OCSP Response Data:
OCSP
...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify
error:unable to get local issuer certificate) ERROR
On Thu, Jul 15, 2010, Luis Neves wrote:
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
/home/oracle/lneves.pem
Extensions:
OCSP Nonce:
0410B32E193742C48C57C927C1F062AB06A5
Date: Thu, 15 Jul 2010 14:27:55 +0200
From: st...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify
error:unable to get local issuer certificate
some progress:
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
/home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/CC0003.pem -resp_text
using CC0003.pem instead of C0002.pem returns GOOD (will try to check why)
but still returning
On Thu, Jul 15, 2010, Luis Neves wrote:
some progress:
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
/home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/CC0003.pem -resp_text
using CC0003.pem instead of C0002.pem returns
On 7/15/10 7:46 AM, Luis Neves wrote:
Hello,
Iam using the
-CAfile /etc/pki/tls/certs/ca-bundle.crt,
and the CA certificate is appended to this list, shouldnt this work ok?
the OCSP responder comes from the lneves.pem certificate itself, so it
must be ok, I presume
Luis
Just because a
14 matches
Mail list logo
