On 28/10/2015 10:24, M K Saravanan wrote:
> Hi,
>
>> Upon checking the wireshark capture, I found the OCSP response does not send
>> signer cert, but only the responderID (byKey).
>>
>> In such scenario, where do I find the OCSP response signer cert?
> Clarifying my own question.
>
> https://tools.ietf.org/html/rfc6960#section-4.2.2.3 says:
>
> ---------------
> The purpose of the ResponderID information is to allow clients to
> find the certificate used to sign a signed OCSP response. Therefore,
> the information MUST correspond to the certificate that was used to
> sign the response.
>
> The responder MAY include certificates in the certs field of
> BasicOCSPResponse that help the OCSP client verify the responder's
> signature.
> -----------------
> I understand that it is not mandatory to send the OCSP response signer
> certificate in the OCSP response. So in such cases, where to find the OCSP
> response signer certificate? That is my question.

Obvious first check is to see if it is the CA certificate that issued the
certificate you are checking.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
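The check suggested in the reply above, as an added example that is not part of the original thread: RFC 6960 defines the byKey ResponderID as the SHA-1 hash of the responder's public key, so a candidate certificate (the issuing CA's first) can be tested by hashing its subjectPublicKey bits and comparing. All function names are assumptions, and the certificate is a constructed DER skeleton rather than a real one.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, contents, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(contents):
    """Split the contents of a constructed element into (tag, contents) pairs."""
    out, pos = [], 0
    while pos < len(contents):
        tag, val, pos = read_tlv(contents, pos)
        out.append((tag, val))
    return out

def key_hash(cert_der):
    """SHA-1 over the subjectPublicKey bits: no tag, length or unused-bits byte."""
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:  # optional [0] EXPLICIT version
        tbs = tbs[1:]
    spki = children(tbs[5][1])  # after serial, sigAlg, issuer, validity, subject
    tag, bits = spki[1]
    if tag != 0x03:
        raise ValueError("subjectPublicKey is not a BIT STRING")
    return hashlib.sha1(bits[1:]).digest()

def is_response_signer(cert_der, by_key):
    return key_hash(cert_der) == by_key

# Constructed sample: a DER skeleton with certificate layout, not a real certificate.
def der(tag, *parts):
    body = b"".join(parts)
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n])  # sample stays under 256 bytes
    return bytes([tag]) + size + body

def sample_cert(key):
    empty = der(0x30)
    spki = der(0x30, empty, der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"),
              empty, empty, empty, empty, spki)
    return der(0x30, tbs, empty, der(0x03, b"\x00"))

CA_KEY = bytes(range(200))          # stands in for the issuing CA's public key
OTHER_KEY = bytes(range(1, 201))    # stands in for an unrelated certificate's key
BY_KEY = hashlib.sha1(CA_KEY).digest()  # value a responder would put in byKey
```

With a real response, `by_key` is the 20-byte byKey value shown in the capture and `cert_der` is the DER encoding of the candidate certificate.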