CA delegated.

Ryan Hurst
Chief Technology Officer
GMO Globalsign

twitter: @rmhrisk
email: ryan.hu...@globalsign.com
phone: 206-650-7926

Sent from my phone, please forgive the brevity.

On Jun 13, 2013, at 3:42 AM, Igor Sverkos <igor.sver...@googlemail.com> wrote:

> Hi,
>
> Ryan Hurst wrote:
>> They are doing a CA signed OCSP response, this is legitimate.
>>
>> We will do this in the not so distant future as well for many of our
>> responses also.
>
> If this is called "CA signed OCSP response", how is *your* current
> response, which you will change in future, called?
>
>
>> You basically need to look at the responderID and see if it's the same
>> entity that signed the certificate you are checking if so use that key
>> material to do the validation.
>
> Mh...
>
> The responderID is "3FD5B5D0D64479504A17A39B8C4ADCB8B022646B".
>
> I don't know how to check it. Can somebody help?
>
> I sha1sum'ed the fingerprint, issuer and subject of level1 (COMODO
> High-Assurance Secure Server CA) and level2 (AddTrust External CA
> Root) but I did not find such a hash/value.
>
> For me it looks like they are using some kind of delegated OCSP
> signer, but because they did not include the signer's certificate in
> the response like other OCSP are currently doing, I am unable to verify
> (like openssl's binary), because I don't have the signer certificate.
> But how should I get it?
>
> But maybe I am totally wrong... I am new to this, sorry.
>
> Thanks.
>
>
> --
> Regards,
> Igor
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
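An added example, not part of the original thread or of OpenSSL: RFC 6960 defines the byKey form of responderID as the SHA-1 hash of the responder's public key (the subjectPublicKey BIT STRING contents without tag, length and unused-bits octet), which is a different value from a certificate fingerprint or a hash of the issuer or subject name. The function names and the constructed, unsigned sample certificate are assumptions made for illustration.

```python
import hashlib

def tlv(tag, value):
    """DER-encode one element (used only to build the constructed sample)."""
    n, size = len(value), (len(value).bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, value_start, value_end) elements inside one SEQUENCE."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def ocsp_key_hash(cert_der):
    """SHA-1 of subjectPublicKey contents, skipping the unused-bits octet."""
    _, s, e = read_tlv(cert_der, 0)        # Certificate
    _, s, e = read_tlv(cert_der, s)        # tbsCertificate
    fields = children(cert_der, s, e)
    # SPKI follows optional [0] version, serial, sigAlg, issuer, validity, subject
    _, s, e = fields[6 if fields[0][0] == 0xA0 else 5]
    tag, s, e = children(cert_der, s, e)[1]  # AlgorithmIdentifier, then BIT STRING
    if tag != 0x03:
        raise ValueError("subjectPublicKey BIT STRING not found")
    return hashlib.sha1(cert_der[s + 1:e]).hexdigest().upper()

def signed_by_issuer(responder_id_hex, issuer_cert_der):
    # True when a byKey responderID names the issuing CA's own key.
    return responder_id_hex.upper() == ocsp_key_hash(issuer_cert_der)

# Constructed, unsigned certificate skeleton; KEY_BITS stands in for a real key.
KEY_BITS = bytes(range(200))
RSA_OID = tlv(0x06, bytes.fromhex("2a864886f70d010101"))
SPKI = tlv(0x30, tlv(0x30, RSA_OID + tlv(0x05, b"")) + tlv(0x03, b"\x00" + KEY_BITS))
EMPTY = tlv(0x30, b"")
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + EMPTY * 4 + SPKI)
SAMPLE_CERT = tlv(0x30, TBS + EMPTY + tlv(0x03, b"\x00"))
```

For a real issuer certificate, pass its DER bytes (for example the output of `openssl x509 -in issuer.pem -outform DER`) and compare the result with the responderID printed for the OCSP response.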