It is the OCSP responder cert. I suppose you already have that, right? Or you can use this one which will expire on Sep 15, 2005 though.
-----BEGIN CERTIFICATE----- MIID2jCCA0OgAwIBAgIQaVnCDg78Yj+N1V5h9xQh0jANBgkqhkiG9w0BAQUFADCB lDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE CxMDRUNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMTkwNwYD VQQDEzBWZXJpU2lnbiBDbGllbnQgRXh0ZXJuYWwgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkwHhcNMDUwNTI2MDAwMDAwWhcNMDUwNjI1MjM1OTU5WjB7MQswCQYDVQQG EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNFQ0ExFzAV BgNVBAsTDlZlcmlTaWduLCBJbmMuMSswKQYDVQQDEyJWZXJpU2lnbiBDbGllbnQg RUNBIE9DU1AgUmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO s7CVM3MfKvWnY2svXQRmE981uWCakqgWU5m9cKWcND/0kQWhFShROBzT1czVgvtD dH+EbkF3Oaa+RtX775EQa6u5IA3dCr1a+eQr4kNPyTAAicfPgKl2kwMIAxJwpXaG wR09YBL1L96cnaMrrSJRH7lcev2NpsSzGlBpjNwmkwIDAQABo4IBQzCCAT8wRwYI KwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAChitodHRwczovL2VjYS52ZXJpc2lnbi5j b20vQ0EvVmVyaVNpZ25FQ0EuY2VyMFIGA1UdIARLMEkwRwYKYIZIAWUDAgEMAjA5 MDcGCCsGAQUFBwIBFitodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y eS9lY2EvY3BzMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIG wDAPBgkrBgEFBQcwAQUEAgUAMCcGA1UdEQQgMB6kHDAaMRgwFgYDVQQDEw9PQ1NQ Mi1UR1YtMS0xNDEwHQYDVR0OBBYEFDDvDY7NWAXpc5YGTmNI+SRZgkHUMB8GA1Ud IwQYMBaAFA3A2D2/+2WTyDdmJuKKEl+7woD1MA0GCSqGSIb3DQEBBQUAA4GBAHrP OjxDB35f/2+cORsVIl1oVPy71CaCnJ32KDxlEIRSW7sn4BIkBLfr2Un5ozt7SXzz 6qw5I/hIyT1ADaLjpQubN6H+Oxk6ve6xw1JPuDMLHnABLeF+GzLSs2UxFr3bl4AE gAnMe402U2NJZBJhvvHu+YWdT4cDohuSqEeu+x5R -----END CERTIFICATE----- --- satish danduvarma <[EMAIL PROTECTED]> wrote: > Hi Paul, > Thats great. Thanks for your quick response. > What is tgv.pem file. how can we get that file. > > Thanks in advance, > Varma > > On 8/24/05, Paul Simon <[EMAIL PROTECTED]> > wrote: > > Maybe your URL is wrong. I just tried this: > > > > openssl ocsp -issuer VeriSignClientECA.pem -url > > http://ocsp.verisign.com -cert eca_usr_cert.pem > > -VAfile tgv.pem -no_nonce -text > > > > and it works fine as follows: > > > > D:\prjs\ocsp\newEcaCA>openssl ocsp -issuer > > VeriSignClientECA.pem -url http://ocs > > p.verisign.com -cert eca_usr_cert.pem -VAfile > tgv.pem > > -no_nonce -text > > OCSP Request Data: > > Version: 1 (0x0) > > Requestor List: > > Certificate ID: > > Hash Algorithm: sha1 > > Issuer Name Hash: > > 75EB8BF61A586BADD9044359324DAC621F5B59C8 > > Issuer Key Hash: > > 0DC0D83DBFFB6593C8376626E28A125FBBC280F5 > > Serial Number: > > 1B148220FC005FD035E866279AE682BE > > OCSP Response Data: > > OCSP Response Status: successful (0x0) > > Response Type: Basic OCSP Response > > Version: 1 (0x0) > > Responder Id: C = US, O = U.S. Government, OU = > > ECA, OU = "VeriSign, Inc.", > > CN = VeriSign Client ECA OCSP Responder > > Produced At: Aug 23 17:10:46 2005 GMT > > Responses: > > Certificate ID: > > Hash Algorithm: sha1 > > Issuer Name Hash: > > 75EB8BF61A586BADD9044359324DAC621F5B59C8 > > Issuer Key Hash: > > 0DC0D83DBFFB6593C8376626E28A125FBBC280F5 > > Serial Number: > 1B148220FC005FD035E866279AE682BE > > Cert Status: good > > This Update: Aug 23 17:10:46 2005 GMT > > Next Update: Aug 30 17:10:46 2005 GMT > > > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: > > > > 0f:74:76:24:82:2a:30:ad:35:fc:45:8b:13:36:4b:0b > > Signature Algorithm: sha1WithRSAEncryption > > Issuer: C=US, O=U.S. Government, OU=ECA, > > OU=Certification Authorities, C > > N=VeriSign Client External Certification Authority > > Validity > > Not Before: Aug 16 00:00:00 2005 GMT > > Not After : Sep 15 23:59:59 2005 GMT > > Subject: C=US, O=U.S. Government, OU=ECA, > > OU=VeriSign, Inc., CN=VeriSign > > Client ECA OCSP Responder > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > RSA Public Key: (1024 bit) > > Modulus (1024 bit): > > > > 00:ce:b3:b0:95:33:73:1f:2a:f5:a7:63:6b:2f:5d: > > > > 04:66:13:df:35:b9:60:9a:92:a8:16:53:99:bd:70: > > > > a5:9c:34:3f:f4:91:05:a1:15:28:51:38:1c:d3:d5: > > > > cc:d5:82:fb:43:74:7f:84:6e:41:77:39:a6:be:46: > > > > d5:fb:ef:91:10:6b:ab:b9:20:0d:dd:0a:bd:5a:f9: > > > > e4:2b:e2:43:4f:c9:30:00:89:c7:cf:80:a9:76:93: > > > > 03:08:03:12:70:a5:76:86:c1:1d:3d:60:12:f5:2f: > > > > de:9c:9d:a3:2b:ad:22:51:1f:b9:5c:7a:fd:8d:a6: > > c4:b3:1a:50:69:8c:dc:26:93 > > Exponent: 65537 (0x10001) > > X509v3 extensions: > > Authority Information Access: > > CA Issuers - > > URI:https://eca.verisign.com/CA/VeriSignECA.cer > > > > X509v3 Certificate Policies: > > Policy: 2.16.840.1.101.3.2.1.12.2 > > CPS: > > https://www.verisign.com/repository/eca/cps > > > > X509v3 Extended Key Usage: critical > > OCSP Signing > > X509v3 Key Usage: critical > > Digital Signature, Non Repudiation > > OCSP No Check: > > > > X509v3 Subject Alternative Name: > > DirName:/CN=OCSP2-TGV-1-141 > > X509v3 Subject Key Identifier: > > > > > 30:EF:0D:8E:CD:58:05:E9:73:96:06:4E:63:48:F9:24:59:82:41:D4 > > X509v3 Authority Key Identifier: > > > > > keyid:0D:C0:D8:3D:BF:FB:65:93:C8:37:66:26:E2:8A:12:5F:BB:C2:80:F > > 5 > > > > Signature Algorithm: sha1WithRSAEncryption > > > > > 6b:8d:79:7a:b3:d5:1d:e7:0e:ac:18:e7:f0:b4:fc:b4:cf:03: > > > > > cf:f2:de:e0:93:b9:60:99:ab:b3:52:96:85:dc:34:20:f0:78: > > > > > d8:24:c8:b3:71:25:f2:90:8d:7f:dc:00:7e:25:92:fd:e0:26: > > > > > fa:3d:99:a1:89:86:a0:09:fe:0a:20:34:0a:68:31:cd:60:9d: > > > > > 63:a1:d9:2f:36:7c:4d:74:cc:ca:91:65:cb:a5:1f:5f:3a:e4: > > > > > e4:73:67:9b:8e:50:ec:33:28:37:4c:05:33:a8:84:3e:63:7c: > > > > > 3d:c5:cd:90:c3:72:99:99:7e:e8:e9:67:42:3c:1b:e6:6f:a5: > > 6d:37 > > -----BEGIN CERTIFICATE----- > > > MIID2jCCA0OgAwIBAgIQD3R2JIIqMK01/EWLEzZLCzANBgkqhkiG9w0BAQUFADCB > > > lDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE > > > CxMDRUNBMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMTkwNwYD > > > VQQDEzBWZXJpU2lnbiBDbGllbnQgRXh0ZXJuYWwgQ2VydGlmaWNhdGlvbiBBdXRo > > > b3JpdHkwHhcNMDUwODE2MDAwMDAwWhcNMDUwOTE1MjM1OTU5WjB7MQswCQYDVQQG > > > EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNFQ0ExFzAV > > > BgNVBAsTDlZlcmlTaWduLCBJbmMuMSswKQYDVQQDEyJWZXJpU2lnbiBDbGllbnQg > > > RUNBIE9DU1AgUmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO > > > s7CVM3MfKvWnY2svXQRmE981uWCakqgWU5m9cKWcND/0kQWhFShROBzT1czVgvtD > > > dH+EbkF3Oaa+RtX775EQa6u5IA3dCr1a+eQr4kNPyTAAicfPgKl2kwMIAxJwpXaG > > > wR09YBL1L96cnaMrrSJRH7lcev2NpsSzGlBpjNwmkwIDAQABo4IBQzCCAT8wRwYI > > > KwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAChitodHRwczovL2VjYS52ZXJpc2lnbi5j > > > b20vQ0EvVmVyaVNpZ25FQ0EuY2VyMFIGA1UdIARLMEkwRwYKYIZIAWUDAgEMAjA5 > > > MDcGCCsGAQUFBwIBFitodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y > > > eS9lY2EvY3BzMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIG > > > wDAPBgkrBgEFBQcwAQUEAgUAMCcGA1UdEQQgMB6kHDAaMRgwFgYDVQQDEw9PQ1NQ > > > Mi1UR1YtMS0xNDEwHQYDVR0OBBYEFDDvDY7NWAXpc5YGTmNI+SRZgkHUMB8GA1Ud > > > IwQYMBaAFA3A2D2/+2WTyDdmJuKKEl+7woD1MA0GCSqGSIb3DQEBBQUAA4GBAGuN > > > eXqz1R3nDqwY5/C0/LTPA8/y3uCTuWCZq7NSloXcNCDweNgkyLNxJfKQjX/cAH4l > > > kv3gJvo9maGJhqAJ/gogNApoMc1gnWOh2S82fE10zMqRZculH1865ORzZ5uOUOwz > > KDdMBTOohD5jfD3FzZDDcpmZfujpZ0I8G+ZvpW03 > > -----END CERTIFICATE----- > > Response verify OK > > eca_usr_cert.pem: good > > This Update: Aug 23 17:10:46 2005 GMT > > Next Update: Aug 30 17:10:46 2005 GMT > > > > --- varma d <[EMAIL PROTECTED]> wrote: > > > > > Hi, > > > Thanks a lot prakash for your reply. Actually my > > > application works in this > > > way > > > 1) I will get the x.509 certificate from any > > > server(lets say) > > > yahoo.com<http://yahoo.com>, > > > now from that i will extract yahoo.com > === message truncated === ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
