Hi,

If the OCSP responder does not send the response signer certificate in the OCSP response, then how can we find the signer certificate?

I was doing a simple test to verify the Google certificate via OCSP like this:

    $ openssl ocsp -issuer ./www.google.com.sg-issuer.cer -CAfile ./ca.cer -cert ./www.google.com.sg.cer -url http://clients1.google.com/ocsp -header Host clients1.google.com -no_nonce
    Response Verify Failure
    2283136:error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:91:
    ./www.google.com.sg.cer: good
            This Update: Oct 27 14:35:13 2015 GMT
            Next Update: Nov 3 14:35:13 2015 GMT

Upon checking the Wireshark capture, I found that the OCSP response does not send the signer cert, but only the responderID (byKey). In such a scenario, where do I find the OCSP response signer cert?

With regards,
Saravanan
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
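
Added example, not part of the original post and not OpenSSL's own code: RFC 6960 defines a byKey responderID as the SHA-1 hash of the responder's public key (the BIT STRING value without tag, length and unused-bits octet), so a candidate signer certificate can be identified by hashing its key and comparing. The sketch assumes each candidate's SubjectPublicKeyInfo has already been extracted as DER; the keys, the candidate names and the byKey value are constructed sample data, not values from the capture above.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long form: next n octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def key_hash(spki_der):
    """SHA-1 over the subjectPublicKey BIT STRING value, minus the unused-bits octet."""
    tag, start, _ = read_tlv(spki_der, 0)             # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    tag, _, alg_end = read_tlv(spki_der, start)       # AlgorithmIdentifier, skipped
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, bs_start, bs_end = read_tlv(spki_der, alg_end)
    if tag != 0x03:
        raise ValueError("subjectPublicKey is not a BIT STRING")
    return hashlib.sha1(spki_der[bs_start + 1:bs_end]).digest()

def find_signer(responder_key_hash, candidates):
    """Return the name of the candidate whose key hash equals the byKey value, or None."""
    for name, spki_der in candidates.items():
        if key_hash(spki_der) == responder_key_hash:
            return name
    return None

# Constructed sample data: two Ed25519 SubjectPublicKeyInfo structures with made-up keys.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
ISSUER_KEY = bytes(range(32))
LEAF_KEY = bytes(range(32, 64))
CANDIDATES = {
    "issuer": ED25519_SPKI_PREFIX + ISSUER_KEY,
    "leaf": ED25519_SPKI_PREFIX + LEAF_KEY,
}
# Stands in for the 20-byte byKey value read from a captured response (constructed).
SAMPLE_BY_KEY = hashlib.sha1(ISSUER_KEY).digest()

if __name__ == "__main__":
    print("byKey matches candidate:", find_signer(SAMPLE_BY_KEY, CANDIDATES))
```

A match only identifies which certificate the responderID names; the response signature and that certificate's authorization to sign for the issuing CA still have to be verified.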