Hi,
I am looking for testing the Trusted OCSP responder model.
Here is the certificate hierarchy:
1) rootca-->subca-->leaf
2) responderca (another root ca)
subChain : Contains both subca and rootca
index.txt - contains the entries for subca and leaf
OCSP Request is raised in the sequence: 1) leaf 2) subca
This is how the i tried running the ocsp responder:
> openssl ocsp -port 2561 -text -index index.txt -CA subChain -rkey respondercakey.pem -rsigner respondercacert.pem
Here got good response for leaf but for subca - unknown is returned by responder
> openssl ocsp -port 2561 -text -index index.txt -CA cacert.pem -rkey
respondercakey.pem -rsigner respondercacert.pem
Here unknown is returned by responder for leaf
Could you please help here with what I am missing ? Is there any other way to give the "CA" option while running "global responder" -that is a trusted responder model ?
Thanks,
Murugesh
