error:unable to get local issuer certificate)
Date: Fri, 16 Jul 2010 14:27:05 -0400
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
snip
besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
directive? Shouldnt the mod_ssl code discover
error:unable to get local issuer certificate)
Date: Fri, 16 Jul 2010 14:27:05 -0400
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
snip
besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
directive? Shouldnt the mod_ssl code
Date: Thu, 15 Jul 2010 18:15:32 +0200
From: st...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify error:unable
to get local issuer certificate)
On Thu, Jul 15, 2010, Luis Neves wrote:
some progress:
openssl ocsp
On Fri, Jul 16, 2010, Luis Neves wrote:
Ok, using your tip I confirmed that CA certificate is the CC0003.pem
Ive include it at the end of ca-bundle.crt, pem encoded like the others on
this file and used it as
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
2010 13:18:16 +0200
From: st...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify
error:unable to get local issuer certificate)
On Fri, Jul 16, 2010, Luis Neves wrote:
Ok, using your tip I confirmed that CA certificate
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
snip
besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
directive? Shouldnt the mod_ssl code discover automatically the responder
address from the client certificate itself??
From your
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
/home/oracle/lneves.pem -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text
gives this response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type:
On Thu, Jul 15, 2010, Luis Neves wrote:
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
/home/oracle/lneves.pem -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text
gives this response:
OCSP Response Data:
OCSP
...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify
error:unable to get local issuer certificate) ERROR
On Thu, Jul 15, 2010, Luis Neves wrote:
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
/home/oracle/lneves.pem
Extensions:
OCSP Nonce:
0410B32E193742C48C57C927C1F062AB06A5
Date: Thu, 15 Jul 2010 14:27:55 +0200
From: st...@openssl.org
To: openssl-users@openssl.org
Subject: Re: OCSP_basic_verify:certificate verify error (Verify
error:unable to get local issuer certificate
some progress:
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
/home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/CC0003.pem -resp_text
using CC0003.pem instead of C0002.pem returns GOOD (will try to check why)
but still returning
On Thu, Jul 15, 2010, Luis Neves wrote:
some progress:
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
/home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/tls/certs/CC0003.pem -resp_text
using CC0003.pem instead of C0002.pem returns
On 7/15/10 7:46 AM, Luis Neves wrote:
Hello,
Iam using the
-CAfile /etc/pki/tls/certs/ca-bundle.crt,
and the CA certificate is appended to this list, shouldnt this work ok?
the OCSP responder comes from the lneves.pem certificate itself, so it
must be ok, I presume
Luis
Just because a
13 matches
Mail list logo
