OCSP response status unauthorized
•
Creating and Using SSL Certificates
This tutorial shows how we can act as our own root CA (Certificate Authority) so that we can take advantage of SSL encryption without spending unnecessary money on having our certificates signed. It covers everything needed to include both CRL and OCSP revocation information in issued certificates.
A drawback is that browsers will still complain about our site not being trusted until our root certificate is imported. However, once this is done, we are no different from the commercial root CAs.
Clients will only import our root certificate if they trust us. This is where the commercial CAs come in: they purport to do extensive research into the people and organizations for whom they sign certificates. By importing (actually, by the browser vendors incorporating) their trusted root certificates, we are saying that we trust them when they guarantee that someone else is who they say they are. We can trust additional root CAs (like ourselves) by importing their CA certif
•
Sectigo: "unauthorized" OCSP responses
Closed. Bug 1639518. Opened 5 years ago. Closed 5 years ago.
Summary: Sectigo: "unauthorized" OCSP responses
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
Steps to reproduce:
Made OCSP responses for certificates https://crt.sh/?id=2445497992 and https://crt.sh/?id=2445497574 to http://ocsp.comodoca.com.
Actual results:
HTTP response is 200 OK, but OCSP status is 6 ("unauthorized"), when queried both from my own OCSP checker, and crt.sh. Other requests to the same OCSP responders, for different certificates, are successful.
Expected results:
OCSP response should be 0 ("successful").
Assignee: bwilson → Robin.Alden
Status: UNCONFIRMED → ASSIGNED
Type: defect → task
Ever confirmed: true
Flags: needinfo?(Robin.Alden)
Whiteboard: [ca-compliance]
Both of these ce
•
Resolved OCSP stapling with Nginx issue
Many thanks for your reply!
Of course, I'll post conf files, but didn't want to trash the first post with maybe a useless thing.
So, as I've SNI, then I ran your command adding "-servername www.YOUR-DOMAIN.COM" right after the domain name.
And I got the following response:
OCSP response:
======================================
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Sep 21 12:40:00 2016 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085C
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA0
Serial Number: 0303E1A40A8F344B3372313F43D9664829C8
Cert Status: good
This Update: Sep 21 12:00:00 2016 GMT
Next Update: Sep 28 12:00:00 2016 GMT
And this is inside the Nginx