On 11/07/2019 17:46, Michael Magnuson wrote:
> The OCSP function is working as expected for both "good" and "revoked"
> responses. However, I find that it also allows "unknown" responses. Is the
> "unknown" response behavior adjustable?

The relevant code is:

    else if (ocsp_response == OCSP_STATUS_UNKNOWN) {
        /* TODO: do nothing for time being */

So, not at the moment.

What behaviour would you like to see / do you think there should be?

Mark

>
> Thanks,
> Mike
>
> ________________________________
> From: Michael Magnuson <mmagnu...@sempervalens.com>
> Sent: Friday, June 28, 2019 10:38 AM
> To: users@tomcat.apache.org
> Subject: Re: OCSP Connector on Tomcat 8.5 not working
>
> Mark, I was able to get this working. Thank you again for all your help.
> The fix happened when I concatenated both the intermediate CA certificate and
> the root CA certificate into a single PEM file, and used it for the
> caCertificate= attribute.
>
> ________________________________
> From: Mark Thomas <ma...@apache.org>
> Sent: Tuesday, June 25, 2019 12:41 PM
> To: users@tomcat.apache.org
> Subject: Re: OCSP Connector on Tomcat 8.5 not working
>
> On 25/06/2019 20:22, Michael Magnuson wrote:
>>
>> Mark, thanks for the further clarification. With that setup, it prompts for
>> the smart card PIN and you can select your certificate, but then nothing
>> happens. The only way I can get it to successfully open the page is if I
>> also add the attributes trustStoreFile= and trustStorePass= but still no
>> OCSP action.
>
> Can you post your current configuration please.
>
> Please also list the certificate(s) in each of the keystores / PEM files.
>
> I'm wondering if the chain from the server to the CA is missing.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
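
An added example, not part of the thread and not the Tomcat code quoted above: one way an adjustable policy for "unknown" OCSP answers could be expressed, so that a deployment chooses between accepting and rejecting when the responder gives no definitive status. All type and function names here are hypothetical; the three status names follow the RFC 6960 CertStatus choices, and the response is assumed to be signature-verified already.

```c
#include <stdbool.h>
#include <time.h>

/* CertStatus choices from RFC 6960: good, revoked, unknown. */
enum cert_status { CERT_GOOD = 0, CERT_REVOKED = 1, CERT_UNKNOWN = 2 };

/* Hypothetical policy setting: what to do when the answer is not definitive. */
enum soft_policy { SOFT_ALLOW, SOFT_DENY };

/* Hypothetical summary of one already signature-verified OCSP response. */
struct ocsp_result {
    bool responder_ok;        /* responseStatus was "successful" */
    enum cert_status status;  /* status reported for the client certificate */
    time_t this_update;       /* start of validity of this answer */
    time_t next_update;       /* 0 if the responder gave none */
};

enum decision { ACCEPT, REJECT };

/* Decide whether to accept a client certificate.
 * "revoked" always rejects. "good" accepts only while the response is
 * fresh. Everything else (unknown, responder error, stale or not yet
 * valid response) follows the configured policy. */
enum decision ocsp_decide(const struct ocsp_result *r, time_t now,
                          enum soft_policy on_indeterminate)
{
    enum decision soft = (on_indeterminate == SOFT_ALLOW) ? ACCEPT : REJECT;

    if (!r->responder_ok)
        return soft;                 /* e.g. tryLater, internalError */
    if (r->status == CERT_REVOKED)
        return REJECT;               /* never overridden by policy */
    if (r->this_update > now)
        return soft;                 /* response not yet valid */
    if (r->next_update != 0 && r->next_update < now)
        return soft;                 /* stale response */
    if (r->status == CERT_GOOD)
        return ACCEPT;
    return soft;                     /* CERT_UNKNOWN or unexpected value */
}
```

With `SOFT_ALLOW` this reproduces the behaviour reported in the thread, where "unknown" is let through; `SOFT_DENY` is the fail-closed alternative.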