Hi Chris!My main goal is for Tomcat to connect to Cómodo ,to get server side OCSP stapling working,I was only testing with OpenSSL OCSP command to make sure that Cómodo OCSP is reachable in the first place. ________________________________ От: Christopher Schultz <ch...@christopherschultz.net> Отправлено: 23 октября 2018 г. 23:28:14 Кому: users@tomcat.apache.org Тема: Re: OCSP stapling in tomcat 7 with APR
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Усманов, On 10/23/18 13:04, Усманов Азат Анварович wrote: > Hi everyone! I did manage to run ocsp check manually without a > proxy (some network issue),still no success with tomcat ocsp or > ssllabs however. > > openssl ocsp -no_nonce -header Host=ocsp.comodoca.com -issuer > issuer.crt -cert /home/idis/STAR_ieml_ru.crt -url > http://ocsp.comodoca.com/ -CAfile issuer.crt Response verify OK > /home/idis/STAR_ieml_ru.crt: good This Update: Oct 21 07:35:07 2018 > GMT Next Update: Oct 28 07:35:07 2018 GMT I'm a little lost: are you trying to get your local responder working for testing, or are you trying to get your server to connect to Comodo's OCSP service? It looks like the above worked correctly. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvPhF4ACgkQHPApP6U8 pFjmtQ//RciGyhtAFGuWlFxdCJy7OLzE1eZ0EfjE/9sRlI4UhtSqbG2eetrLGYDh SOpBZ5HaWN6zIShGvy36TtViTtCqsldkFvg8WD51DtVz7Mv36bNm/uXXzn5mk7GQ k7/AM22KWPewUWoyz8+XgVLnAbJw3zr3paBIBqqm5YXiNOONpK01UqGITs+kzrlr n+dwpit4tAx3u1rYOOefQLoFqmSGx36hic4+SiQNHrqdzLCYkyoMjQ5sCTA/YEV8 22ev/86AjE9i3//+1k8yZDdtHo0dIbXhecvyyT6U3TCZVE5r8eBUMTc1U2oyGWYK 3exqAfUCg7TaGifV3haKCIGF0mwbt1zYRDwz0P2SMk4PvOTT5rnDwTAmaxJaT/Og zeTM1lYgYGwNUFR67Iyfc5Yq9b5bjGjRWVymkS2cdH1q/IBPiIPtv8k7PqC72nEM EvTvqWNTF5njhA/8wqFnOZEfmQtA3KJy+HXncH7SaJvq5DtIkivEsvleg5FZ4yR4 tZpU3bCcjq1ZfWvfd+XoEYMV+cq80I5Ypov0GFqa2wBiba8lhxa39KrMEC00Tvz7 /J9vtsCXO3baI2onTfEjRFIxDWkjip4VIJbvFWMAoNlnnJ4W5GoGXFax831Wczh/ 0tVojP3fJ8FFD2rLSU99Y7Azp9r+NpM6KEDlmAoSJsB1snjZDDY= =9Yca -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
