Have a question with implementing an OCSP requestor that can handle validating
an OCSP response that is not signed by the CA who issued the certificate that
we are requesting the OCSP status for but rather, the OCSP response is signed
by a self-signed trusted responder that includes the OCSP Sig
Thanks for the quick response, Rich!
Just a quick follow-on.
Per RFC6960 for OCSP, there are 3 options:
All definitive response messages SHALL be digitally signed. The key
used to sign the response MUST belong to one of the following:
- the CA who issued the certificate in question
Thanks again, Rich. If anyone else has any ideas, please share.
From: "Salz, Rich"
Date: Tuesday, December 4, 2018 at 12:56 PM
To: "anipa...@cisco.com", "openssl-users@openssl.org"
Subject: Re: [openssl-users] OCSP response signed by self-signed trusted
responder validation
Perhaps you can bu