httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49784] OCSP-validation fails with cert that validates correctly using OpenSSL directly
Date Thu, 26 Aug 2010 17:11:27 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49784

--- Comment #3 from Dr Stephen Henson <steve@openssl.org> 2010-08-26 13:11:25 EDT ---
(In reply to comment #2)
> 
> I have verified that if I use openssl directly from command line it will verify
> OK. 
> >openssl ocsp -issuer /usr/local/apache2/conf/SITHS_CA_v3.cer -CAfile 
> >/usr/local/apache2/conf/SITHS_CA_v3.cer -cert /mnt/download/uwcert.cer 
> >-text -url http://ocsp.trust.telia.com
> .
> .
> Response verify OK
> /mnt/download/uwcert.cer: good
>         This Update: Jul 29 10:43:41 2010 GMT
>         Next Update: Jul 30 10:43:45 2010 GMT
> 

The (currently fixed) parameters set in Apache for OCSP response validation
require that This Update is not more than 10 minutes in the past. Check the
command line switch -status_age 360 with openssl and see if you get the same
error.
