Ocsp_basic_verify

broken image


  1. What Is Meinnah
  2. Ocsp_basic_verify() Failed (ssl
On Thu, Jul 15, 2010, Luis Neves wrote:
Ocsp_basic_verify
>
> some progress:
>
> openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert /home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp -CAfile /etc/pki/tls/certs/CC0003.pem -resp_text
>
> using CC0003.pem instead of C0002.pem returns GOOD (will try to check why)
>
> but still returning the
>
> 11323:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:unable to get issuer certificate
> /home/oracle/lneves.pem: good
> This Update: Jul 15 15:29:50 2010 GMT
>
> error
>

For each certificate do this:

2015/11/12 16:35:25 error 10140#0: OCSPbasicverify failed (SSL: error:27069065:OCSP routines:OCSPbasicverify:certificate verify error:Verify error:unable to get certificate CRL) while requesting certificate status, responder: gu.symcd.com. Hi all, I've got a bug with the OpenCA-OCSP Responder. I'm working with Debian. The OpenSSL OCSP responder (included in the toolkit) is working as well but this is only a testing version and I want a highly stable solution.

Ocsp_basic_verify

openssl x509 -in cert.pem -subject -issuer -noout A better finder.

Ocsp_basic_verify

The subject of the one you pass to -issuer should match the issuer of the one
you pass to cert. You need a root CA and the rest of the chain passed to
-CApath.

I've just tried to verify the OCSP response but was unable so far. The certificate itself verifies successfully on the local certificate chain, but the OCSP part is somehow broken. Local verification: Intermediate Certificate verification: # openssl verify chain1.pem chain1.pem: OK Server Certificate verification via Intermediate Cert: # openssl verify -CAfile chain1.pem cert1.pem cert1. Teams virtual meeting.

Ocsp_basic_verify
>
> some progress:
>
> openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert /home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp -CAfile /etc/pki/tls/certs/CC0003.pem -resp_text
>
> using CC0003.pem instead of C0002.pem returns GOOD (will try to check why)
>
> but still returning the
>
> 11323:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:unable to get issuer certificate
> /home/oracle/lneves.pem: good
> This Update: Jul 15 15:29:50 2010 GMT
>
> error
>

For each certificate do this:

2015/11/12 16:35:25 error 10140#0: OCSPbasicverify failed (SSL: error:27069065:OCSP routines:OCSPbasicverify:certificate verify error:Verify error:unable to get certificate CRL) while requesting certificate status, responder: gu.symcd.com. Hi all, I've got a bug with the OpenCA-OCSP Responder. I'm working with Debian. The OpenSSL OCSP responder (included in the toolkit) is working as well but this is only a testing version and I want a highly stable solution.

openssl x509 -in cert.pem -subject -issuer -noout A better finder.

The subject of the one you pass to -issuer should match the issuer of the one
you pass to cert. You need a root CA and the rest of the chain passed to
-CApath.

I've just tried to verify the OCSP response but was unable so far. The certificate itself verifies successfully on the local certificate chain, but the OCSP part is somehow broken. Local verification: Intermediate Certificate verification: # openssl verify chain1.pem chain1.pem: OK Server Certificate verification via Intermediate Cert: # openssl verify -CAfile chain1.pem cert1.pem cert1. Teams virtual meeting.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss..@openssl.org
Automated List Manager majo..@openssl.org

What Is Meinnah

2004-07-20 07:06:08 UTC

Ocsp_basic_verify() Failed (ssl

Hi,
I am trying to verify an OCSP Response using OpenSSL 0.9.7d but is failing. The error I get is:
OpenSSL> ocsp -respin asce_response.dat -VAfile ResponderCert.cer
Response Verify Failure
2540:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is no t 01:.cryptorsarsa_pk1.c:100:
2540:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:.cryptorsarsa_eay.c:580:
2540:error:0D089006:asn1 encoding routines:ASN1_verify:EVP lib:.cryptoasn1a_verify.c:162:
2540:error:27069075:OCSP routines:OCSP_basic_verify:signature failure:.cryptoocspocsp_vfy.c:98:
Can any body tell what the problem is and what does the error states ?
I am able to use atleast 3 other Cryptographic APIs which Successfully verified the OCSP Response but OpenSSL is failing!!.
Regards,
Wahaj




broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save