Hi, If the OCSP responder does not send the response signer certificate in the OCSP response, then how can we find the signer certificate? I was doing a simple test to verify google certificate via OCSP like this: $ openssl ocsp -issuer ./www.google.com.sg-issuer.cer -CAfile ./ca.cer -cert ./www.google.com.sg.cer -url http://clients1.google.com/ocsp -header Host clients1.google.com -no_nonce Response Verify Failure 2283136:error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:91: ./www.google.com.sg.cer: good This Update: Oct 27 14:35:13 2015 GMT Next Update: Nov 3 14:35:13 2015 GMT Upon checking the wireshark capture, I found the OCSP response does not send signer cert, but only the responderID (byKey). In such scenario, where do I find the OCSP response signer cert? with regards, Saravanan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151028/2ad4016a/attachment.html>
