Hi,

the ocsp server manpage explains the "rsigner" option as follows:

-rsigner file

specifies the certificate to sign OCSP responses with.

I thought you sign something with a private key, not with a certificate?
When I specify the CA's key here, which starts with
"-----BEGIN RSA PRIVATE KEY-----" the command complains that it expects
"TRUSTED CERTIFICATE". When I specify the CA's certificate here, which starts
with "-----BEGIN TRUSTED CERTIFICATE-----" the command complains that it
needs a private key. :-(

What do I have to provide here?

What I did:
I generated a "trusted certificate" from an ordinary certificate with
    openssl x509 -in CAcert.pem -addtrust OCSPSigning -out trustedCAcert.pem
I generated the request with
    openssl ocsp -issuer CAcert.pem -serial 123 -reqout req.der
and tried to respond with
    openssl ocsp -index .../index.txt -rsigner CAkey.pem -CA trustedCAcert.pem -reqin req.der -respout res.der

Christian

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
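
A working form of the sequence in the post, as an added example that is not part of the original message: openssl ocsp takes the responder certificate in -rsigner and its private key in the separate -rkey option (when -rkey is omitted, the key is looked up in the -rsigner file itself). The demo CA, its subject name, the plain CAcert.pem passed to -CA and the index.txt entry are constructed for illustration.

```shell
#!/bin/sh
# Added example. Everything is built in a throwaway temp directory; the CA,
# its subject and the index.txt entry are constructed, not the poster's files.
ocsp_sign_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Constructed self-signed CA: CAkey.pem is the private key,
        # CAcert.pem the matching certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
            -keyout CAkey.pem -out CAcert.pem >/dev/null 2>&1 || exit 1
        # Constructed CA database with one valid ("V") entry. index.txt stores
        # serials in hex, so the post's decimal serial 123 appears as 7B.
        printf 'V\t491231235959Z\t\t7B\tunknown\t/CN=demo-leaf\n' > index.txt
        # Request, as in the post.
        openssl ocsp -issuer CAcert.pem -serial 123 -reqout req.der \
            >/dev/null 2>&1 || exit 1
        # The failure from the post: a key file in -rsigner is rejected,
        # because that option is read as a certificate.
        if openssl ocsp -index index.txt -CA CAcert.pem -rsigner CAkey.pem \
            -reqin req.der -respout bad.der >/dev/null 2>&1; then
            echo "unexpected: private key accepted as -rsigner"
            exit 1
        fi
        # Working form: certificate in -rsigner, its private key in -rkey.
        openssl ocsp -index index.txt -CA CAcert.pem \
            -rsigner CAcert.pem -rkey CAkey.pem \
            -reqin req.der -respout res.der >/dev/null 2>&1 || exit 1
        # Check the signed response against the CA certificate. -no_nonce is
        # needed because this command builds a fresh request instead of
        # reusing req.der, so the nonces would not match.
        openssl ocsp -issuer CAcert.pem -serial 123 -no_nonce \
            -respin res.der -CAfile CAcert.pem 2>/dev/null | sed -n '1p'
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Calling ocsp_sign_demo prints the first line of the status summary for serial 123.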
