Hi, > Upon checking the wireshark capture, I found the OCSP response does not send > signer cert, but only the responderID (byKey). > > In such scenario, where do I find the OCSP response signer cert? Clarifying my own question. https://tools.ietf.org/html/rfc6960#section-4.2.2.3 says: --------------- The purpose of the ResponderID information is to allow clients to find the certificate used to sign a signed OCSP response. Therefore, the information MUST correspond to the certificate that was used to sign the response. The responder MAY include certificates in the certs field of BasicOCSPResponse that help the OCSP client verify the responder's signature. ----------------- I understand that it is not mandatory to send the OCSP response signer certificate in the OCSP response. So in such cases, where to find the OCSP response signer certificate? That is my question. with regards, Saravanan
