OCSP – Page 2 – WindowsTechs.com

Why my certificate does not have OCSP must-staple extension even when CSR contains it, is OCSP must-staple still used?

Posted on October 18, 2021 by romanmoravcik

We received recently security report with [low] security issue: Missing "Must-Staple" extension on certificate.
With help of old article oscp-must-staple I managed to create CRA with extension.
Requested Extensions:
X509v3 Basi… Continue reading Why my certificate does not have OCSP must-staple extension even when CSR contains it, is OCSP must-staple still used?→

Is a OCSP request verified via TLS?

Posted on September 24, 2021 by metriXc

I was wondering if the connection towards the ocsp responder/server is TLS encrytped itself. Meaning that the client requesting a validity check for a certificate verifies the OCSPs server certificate?
If so that OCSP server should be sign… Continue reading Is a OCSP request verified via TLS?→

Is Mac OS Big Sur Spying?

Posted on May 31, 2021 by Axonritts

I would like to know if macOS "Big Sur" sends unencrypted OCSP requests. I am a newbie and not aware of technical stuff, but when I came across Jeffrey Paul’s article, I am a bit concerned about whether to continue using Mac.

… Continue reading Is Mac OS Big Sur Spying?→

Possible to create a self-signed certificate with AIA extension using PowerShell or openssl?

Posted on March 17, 2021 by ericOnline

I am able to use the PowerShell New-SelfSignedCertificate cmdlet to create a self-signed cert just fine, but I’d like to create one with an AIA extension and give it an OCSP responder URL.
There is a cmdlet parameter called -Extension, but… Continue reading Possible to create a self-signed certificate with AIA extension using PowerShell or openssl?→

Possible to create a self-signed certificate with AIA extension using PowerShell or openssl?

Posted on March 17, 2021 by ericOnline

Are SSL certs auto-revoked if their Not-Valid-After date is reached without renewing?

Posted on February 16, 2021 by ericOnline

I’m learning about X509 certs used in client-cert authentication to https endpoints. If I have an OCSP checker (Python script that creates, submits, decodes OCSP responses), do I need to check the not-valid-after date on a client cert?
Exa… Continue reading Are SSL certs auto-revoked if their Not-Valid-After date is reached without renewing?→

Can CRL and CA Issuers urls contain spaces?

Posted on February 7, 2021 by Chi.C.J.Rajeeva Lochana

I am using OpenSSL
For example, I have a CRL/CA Issuers URL that is like this:
http://pki.example.com/Example Intermediate Certificate Authority.crl

#CA Issuers
caIssuers;URI.0 = http://pki.example.com/Example Intermediate Certificate Aut… Continue reading Can CRL and CA Issuers urls contain spaces?→

How revocation status of delegated OCSP responder is verified at the client side?

Posted on January 18, 2021 by Kumar

If the OCSP signing is delegated explicitly to another entity and that delegated OCSP responder is compromised, how to revoke the certificate and convey the revocation information to a client? We need CRL for this?

Continue reading How revocation status of delegated OCSP responder is verified at the client side?→

OpenSSL OCSP Responder "Cert Status: good" -> "Cert Status: unknown"

Posted on November 10, 2020 by jj_inno

Summary:
Certificates calling to OCSP Responder (OCSPr) have their "Cert Status" change from "good" to "unknown" with no known to changes to environment. Completely lost on this one.
More Detail:
I have been b… Continue reading OpenSSL OCSP Responder "Cert Status: good" -> "Cert Status: unknown"→

Why does the OCSP need a pair of keys?

Posted on October 25, 2020 by confused_openssl_user

I am reading a tutorial about OpenSSl CA installation and after setting up the CA, they say that we now generate a pair for the OCSP because it needs to sign its responses.
I am confused at this point. I mean, even if there was a man in th… Continue reading Why does the OCSP need a pair of keys?→