Comments on: Public Key Infrastructure Part 8 – OCSP responder //www.tech-coffee.net/public-key-infrastructure-part-8-ocsp-responder/

By: ashrarai //www.tech-coffee.net/public-key-infrastructure-part-8-ocsp-responder/#comment-3591 Mon, 12 Aug 2019 10:21:48 +0000

This is a very thorough article.

By: Romain Serre //www.tech-coffee.net/public-key-infrastructure-part-8-ocsp-responder/#comment-147 Wed, 30 Sep 2015 09:12:39 +0000

Hi Martin,

I’ve tried the links and they’re working. Maybe a little outage on the blog yesterday…

By: Martin //www.tech-coffee.net/public-key-infrastructure-part-8-ocsp-responder/#comment-144 Tue, 29 Sep 2015 22:03:59 +0000

Sir, can you fix the links to PKI posts 1, 2 and 7? I receive the following: “Error establishing a database connection”. Excellent PKI posts and very helpful.

By: Romain Serre //www.tech-coffee.net/public-key-infrastructure-part-8-ocsp-responder/#comment-53 Sun, 09 Nov 2014 12:07:36 +0000

Hi Long,

Many thanks for your comment! I appreciate it.

Regarding your issue, when you revoke a certificate, you have to republish the CRL to your CRL Distribution Point. For example, if you revoke the certificate of your sub CA, you have to republish the ROOT CA CRL. Only the CRL gives the information about revoked certificates to clients.

So you can try to create a certificate and test it with certutil -url. Next, revoke this certificate and publish the CRL to the CDP. Run certutil -url again and the certificate should be revoked.

Have a nice weekend

By: Long //www.tech-coffee.net/public-key-infrastructure-part-8-ocsp-responder/#comment-51 Sun, 09 Nov 2014 02:59:13 +0000

Thank you very much, Romain, for your excellent articles. I have followed them and am able to test out the OCSP capability in Windows. Thank you very much…. FYI, for what it’s worth, with my background in Unix and others, I am really starting to get to know Windows and I really find your articles very easy to follow. I have now been able to test the OCSP capability!

One thing I am still struggling with at the moment is really to do with the revocation period. I would revoke a certificate and then use various methods (certutil -crl, changing the Revocation Configuration time, republishing the Revocation folder in the Certification Authority tool, etc.) to refresh the ‘cache’, yet I would only be able to obtain the ‘Revoked’ status by restarting the server that hosts the Intermediate Certificate and the OCSP Responder….

BTW, I have tried out certutil -urlfetch -verify certfile.cer and that would return me a status of Revoked. But if I use certutil -url certfile.cer or openssl, then the status of the revoked certificate would remain ‘Verified’/‘Good’ until I reboot the server that hosts the certification authority and the OCSP Responder…. Is there something that I have missed?
