On Tue, Apr 13, 2010, Chris Bare wrote:
> > Additional candidate signer certificates need to be included in the
> > -verify_other option.
> >
> > If the OCSP signing certificate is self signed then it needs to be
> > explicitly
> > trusted which is the -VAfile option if you use that it will als
> Additional candidate signer certificates need to be included in the
> -verify_other option.
>
> If the OCSP signing certificate is self signed then it needs to be explicitly
> trusted which is the -VAfile option if you use that it will also be searched
> as a signer.
doesn't putting it in the
On Tue, Apr 13, 2010, Chris Bare wrote:
> This command works:
>
> openssl ocsp -issuer issuer.pem -VAfile trusted_dir/ocsp_signer.pem -url
> http://ocsp.test.com -cert cert.pem -resp_text
>
> but this fails:
> openssl ocsp -issuer issuer.pem -CApath trusted_dir -url http://ocsp.test.com
> -cer
This command works:
openssl ocsp -issuer issuer.pem -VAfile trusted_dir/ocsp_signer.pem -url
http://ocsp.test.com -cert cert.pem -resp_text
but this fails:
openssl ocsp -issuer issuer.pem -CApath trusted_dir -url http://ocsp.test.com
-cert cert.pem -resp_text
with:
3077556488:error:27069076:OC
