Hi, >From rfc 2560: - A CA may specify that an OCSP client can trust a responder for the lifetime of the responder's certificate. The CA does so by including the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical extension. The value of the extension should be NULL.
Does anyone have advice on how to set this ocsp-nocheck extended attribute on a certificate with openssl? I can do the "extendedKeyUsage = OCSP Signing" but my OCSP certificate needs this other attribute also. I tried messing around with the openssl.cnf mechanism for adding extensions to certs but couldn't get it to work. Regards, Simon McMahon ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
