Hi, I am looking for testing the Trusted OCSP responder model. Here is the certificate hierarchy: 1) rootca-->subca-->leaf 2) responderca (another root ca)
subChain : Contains both subca and rootca index.txt - contains the entries for subca and leaf OCSP Request is raised in the sequence: 1) leaf 2) subca This is how the i tried running the ocsp responder: > openssl ocsp -port 2561 -text -index index.txt -CA subChain -rkey respondercakey.pem -rsigner respondercacert.pem Here got good response for leaf but for subca - unknown is returned by responder > openssl ocsp -port 2561 -text -index index.txt -CA cacert.pem -rkey respondercakey.pem -rsigner respondercacert.pem Here unknown is returned by responder for leaf Could you please help here with what I am missing ? Is there any other way to give the "CA" option while running "global responder" -that is a trusted responder model ? Thanks, Murugesh
