Hello,

I’ve created a CA using EasyRSA, which is based on openssl. I’m trying to run “openssl ocsp” in server mode. Everything starts just fine and it processes client requests, but no matter what certificate I try to query, the openssl ocsp responder sends “Cert Status: unknown”.

This is the server command line:

    /usr/bin/openssl ocsp -ignore_err -resp_no_certs -nmin 60 -index /opt/EasyRSA-3.0.8/pki/index.txt -port 8080 -rsigner /opt/EasyRSA-3.0.8/pki/issued/ocsp-signer.crt -rkey /opt/EasyRSA-3.0.8/pki/private/ocsp-signer.key -CA /opt/EasyRSA-3.0.8/pki/ca.crt -text -out /var/log/ocspd/ocspd.log

The index file looks good. The certificates I’m querying were definitely issued by the CA. The status is accurate in the index file.

What could be going on that’s preventing the ocsp responder from getting and reporting the true status?

Thanks!

-Pat