Solved
Forum Discussion
Kevin_Stewart
Jun 06, 2016Employee
Okay, with "Ignore AIA" unchecked the OCSP URL is going to come from the client certificate AIA field, and it does appear to be doing that. The next thing I'd do is test it manually. From the command line enter the following:
openssl ocsp -issuer [issuer cert] -cert [test cert] -CAfile [CA cert] -url http://ocsp.viettel-ca.vn/
where:
issuer cert = the CA certificate file of the issuer of the test cert
test cert = the certificate you're testing
CA cert = the CA certificate (or certificate bundle) needed to validate the digital signature of the OCSP response
So for example:
openssl ocsp -issuer cacert.crt -cert user.crt -CAfile cacert.crt -url http://http://ocsp.viettel-ca.vn/
Pleas post your results.