Hello could the following be the reason why https://revoked.grc.com/ doesn't get any errors, when using SSL-Bump? Thanks, Walter ---------------------------- Original Message ---------------------------- Subject: Re: [openssl-users] Problem checking certificate with OCSP From: "Dr. Stephen Henson" <steve@xxxxxxxxxxx> Date: Mon, October 5, 2015 17:11 To: openssl-users@xxxxxxxxxxx -------------------------------------------------------------------------- On Mon, Oct 05, 2015, Walter H. wrote: > Hello, > > attached is the certificate and its chain of https://revoked.grc.com/ > > doing this: > > openssl ocsp -no_nonce -issuer chain.pem -cert cert.pem -text -url > http://ocsp2.globalsign.com/gsdomainvalg2 > > goves the following: > > OCSP Request Data: > Version: 1 (0x0) > Requestor List: > Certificate ID: > Hash Algorithm: sha1 > Issuer Name Hash: 45658DA20174402FF48B3A6AC0BC69208095C7CA > Issuer Key Hash: 96ADFAB05BB983642A76C21C8A69DA42DCFEFD28 > Serial Number: 112155688D380775DA34C5DF97433ED3F6A7 > Error querying OCSP responsder > 139928584042312:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server response > error:ocsp_ht.c:250:Code=403,Reason=Forbidden > > where is the problem for this strange error? > Some OCSP responders need the host header, try adding: -header Host ocsp2.globalsign.com Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
