Apr 24, 2020

openssl - "Next Update" is missing from the OCSP response

When I tested a TLS certificate from this PKI against the OCSP responder locally, I get the following results:

    Response verify OK
    certs/abc.com.pem: good
        This Update: Sep 24 18:04:31 2019 GMT

I searched online, a lot of examples there show the Next Update line right under the This Update line in an OCSP response. For instance

Public Key Infrastructure Configuration Guide, Cisco IOS

Dec 24, 2019

#SecureSenses --remediation, not coping: OCSP certificate

OCSP response contains the revocation status. To prevent spoofing attacks, the response is signed by the responder. In order to validate the signature, certificate containing public key of the responder is returned. This could lead to a problem whereby OCSP signing certificate revocation would be checked leading to a "verification loop".

Invalid OCSP signing certificate in OCSP response. (Error

OCSP responses can be of various types. An OCSP response consists of a response type and the bytes of the actual response. There is one basic type of OCSP response that MUST be supported by all OCSP servers and clients. The rest of this section pertains only to this

JITC - PKI

Jun 29, 2016

CERT_OCSP_RESPONSE_PROP_ID. Data type of pvData: A pointer to an array of BYTE values. The size of this array is specified in the pcbData parameter. Returns an encoded OCSP response for this certificate. CERT_PUB_KEY_CNG_ALG_BIT_LENGTH_PROP_ID.

How to Fix "SEC_ERROR_OCSP_FUTURE_RESPONSE" Error in

Jul 23, 2018

RFC 6960 - X.509 Internet Public Key Infrastructure Online

RFC 6960 PKIX OCSP June 2013

The response "internalError" indicates that the OCSP responder reached an inconsistent internal state. The query should be retried, potentially with another responder. In the event that the OCSP responder is operational but unable to return a status for the requested certificate, the "tryLater" response can be used to indicate that the service exists but is

Configuring the CA for OCSP Response Signing Certificates