Hello, when using
openssl ocsp ... in a CGI skript, you must use -noverify because without, this creates the line Response verify OKneither >/dev/null nor 2>&1 >file nor 2>&1 >/dev/null, let this line "disappear"
so this shoots either a 500 page or an invalid OCSP response is sent, which results in Firefox either in:
The OCSP server returned unexpected/invalid HTTP data. (Error code: sec_error_ocsp_bad_http_response) or in: The response from the OCSP server was corrupted or improperly formed. (Error code: sec_error_ocsp_malformed_response) Wireshark was a good help to find out; Greetings from Austria, Walter Höhlhubmer
smime.p7s
Description: S/MIME Cryptographic Signature
