View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000240Main CAcert Websiteweb of trustpublic2006-05-19 13:552013-01-14 08:42
ReporterDaiki Ueno Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2006 
Summary0000240: OCSP response signer's certificate expired
DescriptionOCSP signer's certificate expired three days ago.

$ openssl ocsp -url http://ocsp.cacert.org -resp_text -issuer cacert.pem -cert cert.pem > ocsp.pem
Response Verify Failure
5084:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:certificate has expired

$ openssl x509 -dates -in ocsp.pem
notBefore=May 16 04:45:44 2005 GMT
notAfter=May 16 04:45:44 2006 GMT

Where cert.pem is my client certificate issued by CAcert, and cacert.pem is the root certificate.
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

has duplicate 0000270 closed Status Times Invalid on OpenValidation.org OCSP 

Activities

Red_Blue

2006-07-06 11:47

reporter   ~0000260

The OCSP certificate hasn't been fixed after almost 2 months:

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = Au, ST = NSW, L = Sydney, O = CAcert Inc., OU = System Administration, CN = OCSP Responder, emailAddress = ocsp@cacert.org
    Produced At: Jul 6 01:13:17 2006 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 8BA4C9CB172919453EBB8E730991B925F2832265
      Issuer Key Hash: 16B5321BD4C7F3E0E68EF3BDD2B03AEEB23918D1
      Serial Number: 01
    Cert Status: good
    This Update: Jul 6 00:54:43 2006 GMT
    Next Update: Jul 6 01:23:17 2006 GMT

    Response Extensions:
        OCSP Nonce:
            04100A013E339994F0F69F2F6678192808F2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 74271 (0x1221f)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: May 16 04:45:44 2005 GMT
            Not After : May 16 04:45:44 2006 GMT

taral

2006-08-09 10:09

reporter   ~0000355

Still not fixed. This causes Acrobat to be weird about the signatures because it can't check them for revocation.

cassee

2006-08-12 00:28

reporter   ~0000363

Added warning to the responder wiki page, please edit it when this bug is resolved.

http://wiki.cacert.org/wiki/OcspResponder

homer

2006-08-21 10:06

reporter   ~0000619

I am a bit fed up with this problem.

What can I do to help ?

Generate an appropriate certificate ?

Response Verify Failure
15423:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:certificate has expired
OCSP-3.crt: good
        This Update: Aug 19 11:39:15 2006 GMT
        Next Update: Aug 21 00:11:04 2006 GMT
Response Verify Failure
15422:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:certificate has expired
OCSP-1.crt: good
        This Update: Aug 20 23:50:55 2006 GMT
        Next Update: Aug 21 00:11:04 2006 GMT

Sourcerer

2006-08-21 18:14

administrator   ~0000620

The security mechanisms make it impossible to generate a OCSP certificate from outside, that´s why the "manufacturing" of the certificate had been assigned to snewpy. I hope the problem will be solved in the next 3 days by Snewpy or Evilbunny.

Sourcerer

2006-08-23 09:39

administrator   ~0000627

Fixed!

homer

2006-08-23 17:19

reporter   ~0000629

Great! Thanks... The certs have been renewed.

Response Verify Failure
19928:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148:
OCSP-3.crt: good
        This Update: Aug 23 03:45:35 2006 GMT
        Next Update: Aug 23 07:23:46 2006 GMT

Response verify OK
OCSP-1.crt: good
        This Update: Aug 23 06:42:46 2006 GMT
        Next Update: Aug 23 07:23:46 2006 GMT

duane

2006-08-23 18:41

developer   ~0000631

The class 3 thing is a configuration issue, not a certificate issue afaik...

Sourcerer

2006-08-24 00:21

administrator   ~0000633

Homer, have you updated to version 1.1 of my OcspTest package?

homer

2006-08-24 05:52

reporter   ~0000636

Yes I can't figure out why

[gr@gr OcspTest 1/0]$ openssl version
OpenSSL 0.9.8b 04 May 2006



[gr@gr ~ 0/0]$ tar -xjvf OcspTest-1.1.tar.bz2
OcspTest/
OcspTest/1
OcspTest/OCSP-Test.sh
OcspTest/root.crt
OcspTest/OCSP-1.crt
OcspTest/OCSP-1.txt
OcspTest/OCSP-3.crt
OcspTest/OCSP-3.txt
OcspTest/class3.crt
[gr@gr ~ 0/0]$ cd OcspTest
[gr@gr OcspTest 0/0]$ ls
1 class3.crt OCSP-1.crt OCSP-1.txt OCSP-3.crt OCSP-3.txt OCSP-Test.sh root.crt
[gr@gr OcspTest 0/0]$ sh OCSP-Test.sh
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 8BA4C9CB172919453EBB8E730991B925F2832265
          Issuer Key Hash: 16B5321BD4C7F3E0E68EF3BDD2B03AEEB23918D1
          Serial Number: 01AFEC
    Request Extensions:
        OCSP Nonce:
            041058239935684DEB51942C49978C88668E
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: F22A621693A6DA5AD0B98D3A135E35D1EB183661
          Issuer Key Hash: 75A871604C8813F078D98977B56DC589DFBCB17A
          Serial Number: 01F5
    Request Extensions:
        OCSP Nonce:
            0410C0ACCB2EA53015A3245E91525625882A
[gr@gr OcspTest 0/0]$ OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = AU, ST = NSW, L = Sydney, O = CAcert Inc., CN = Class 1 OCSP, emailAddress = support@cacert.org
    Produced At: Aug 23 19:22:36 2006 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 8BA4C9CB172919453EBB8E730991B925F2832265
      Issuer Key Hash: 16B5321BD4C7F3E0E68EF3BDD2B03AEEB23918D1
      Serial Number: 01AFEC
    Cert Status: good
    This Update: Aug 23 19:11:15 2006 GMT
    Next Update: Aug 23 19:32:36 2006 GMT

    Response Extensions:
        OCSP Nonce:
            041058239935684DEB51942C49978C88668E
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 169498 (0x2961a)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: Aug 22 07:13:24 2006 GMT
            Not After : Aug 22 07:13:24 2011 GMT
        Subject: C=AU, ST=NSW, L=Sydney, O=CAcert Inc., CN=Class 1 OCSP/emailAddress=support@cacert.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:e1:8d:ff:c8:17:9e:de:e6:91:fd:91:80:1c:0a:
                    de:e1:a4:18:ec:21:1c:f7:1a:8a:bc:01:0b:23:2e:
                    91:0d:b8:cd:73:e0:c3:9f:51:69:7e:1c:39:33:ef:
                    f4:e7:ff:ce:3c:87:1a:1f:05:8b:e7:da:13:72:34:
                    88:65:31:43:bb:30:f3:92:70:a7:8a:fb:9c:4c:0b:
                    1b:b5:72:0c:a2:27:9a:16:26:8a:6d:a6:78:0d:86:
                    e8:6d:f0:b7:19:d9:cd:a7:7e:90:87:27:4b:4e:0c:
                    c3:8c:dd:6f:b8:da:ed:7f:01:35:3c:45:f5:b2:ad:
                    7c:44:92:52:da:c6:70:38:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, OCSP Signing
            X509v3 Subject Alternative Name:
                email:support@cacert.org
    Signature Algorithm: sha1WithRSAEncryption
        34:ea:e4:99:6f:0a:3d:ad:5c:52:1c:78:05:b2:a7:df:7e:6b:
        00:37:d3:39:a9:11:1a:7c:a6:0c:c7:c0:c8:04:8a:e0:71:6c:
        ac:db:f1:30:7c:0c:56:b7:bd:4e:d4:bb:d3:9d:6f:ea:2a:16:
        00:67:52:ff:0a:68:e8:0b:00:e5:86:d5:85:d8:a2:f8:fb:8d:
        e6:38:2c:bf:d5:a7:34:f7:18:1b:49:5e:a8:20:76:bc:a9:84:
        2d:fd:d7:04:ef:4e:44:83:ed:8d:94:da:22:cb:45:43:34:73:
        a5:a6:6f:4d:fc:76:5e:61:3e:fa:6a:8d:e6:44:e0:ee:ad:24:
        6d:34:ae:44:1e:39:31:bb:1a:de:33:31:38:8c:07:06:fe:69:
        c1:27:e2:20:fb:5b:0a:fe:7b:ea:61:91:45:64:3b:61:d5:15:
        29:21:c8:fd:e9:7a:d9:34:46:07:1b:04:d4:18:5a:6d:a0:df:
        b6:83:70:29:c5:8e:67:cc:99:fb:3e:d1:94:e7:e7:07:67:9d:
        b4:09:18:ab:dd:e2:d2:57:23:32:6b:8e:78:46:01:46:89:5d:
        95:2e:f6:11:ce:44:51:66:ac:72:e7:11:e4:f7:bb:b0:91:05:
        37:fc:0d:1b:89:ee:6e:22:89:f7:24:87:0f:f4:54:85:33:e4:
        17:bf:ff:77:7d:7f:f4:49:bb:7f:10:97:bb:6f:d8:a9:1b:d1:
        86:3e:f0:33:f5:05:15:64:88:e4:0e:a6:86:51:9d:52:64:b4:
        4c:7f:e1:b8:3b:53:75:af:9d:e8:de:06:1e:d1:f8:b3:9c:fc:
        39:db:f7:ac:70:e1:58:b2:01:77:ff:6d:86:64:05:c1:37:dd:
        40:42:89:a6:44:10:df:06:a9:68:cc:dc:b4:4a:be:8d:c5:ff:
        fc:d2:51:94:1f:24:95:88:b0:bf:df:78:68:9d:72:21:3e:57:
        3c:fe:ef:0b:76:26:0b:54:d7:29:9d:ab:6c:54:d5:ec:95:53:
        88:8a:42:1a:03:2e:39:6c:b1:6d:09:4e:6a:cb:61:56:45:ca:
        ed:c9:d1:45:73:b5:6e:1d:28:7f:7e:03:42:12:b7:47:2a:95:
        65:07:59:1a:f6:66:c2:89:95:fc:c8:12:2f:6f:2f:35:59:59:
        bf:b1:b7:f5:f3:e5:e8:bf:73:1f:88:da:cd:d9:4e:5a:30:4a:
        3d:8d:58:5b:79:54:65:4b:cb:42:f1:c0:27:b2:ac:2e:cd:fc:
        4d:c8:85:1f:0d:c7:f5:54:22:5e:1a:01:0d:7f:d4:7a:5c:41:
        18:93:ad:5e:65:3d:16:ae:ae:40:2d:99:8e:f5:ee:32:de:66:
        21:07:cf:d8:ce:9f:89:63
-----BEGIN CERTIFICATE-----
MIIERjCCAi6gAwIBAgIDApYaMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTA2MDgyMjA3MTMyNFoXDTExMDgyMjA3MTMyNFowfDEL
MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYD
VQQKEwtDQWNlcnQgSW5jLjEVMBMGA1UEAxMMQ2xhc3MgMSBPQ1NQMSEwHwYJKoZI
hvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOGN/8gXnt7mkf2RgBwK3uGkGOwhHPcairwBCyMukQ24zXPgw59RaX4c
OTPv9Of/zjyHGh8Fi+faE3I0iGUxQ7sw85Jwp4r7nEwLG7VyDKInmhYmim2meA2G
6G3wtxnZzad+kIcnS04Mw4zdb7ja7X8BNTxF9bKtfESSUtrGcDi1AgMBAAGjWDBW
MAwGA1UdEwEB/wQCMAAwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggr
BgEFBQcDCTAdBgNVHREEFjAUgRJzdXBwb3J0QGNhY2VydC5vcmcwDQYJKoZIhvcN
AQEFBQADggIBADTq5JlvCj2tXFIceAWyp99+awA30zmpERp8pgzHwMgEiuBxbKzb
8TB8DFa3vU7Uu9Odb+oqFgBnUv8KaOgLAOWG1YXYovj7jeY4LL/VpzT3GBtJXqgg
dryphC391wTvTkSD7Y2U2iLLRUM0c6Wmb038dl5hPvpqjeZE4O6tJG00rkQeOTG7
Gt4zMTiMBwb+acEn4iD7Wwr+e+phkUVkO2HVFSkhyP3petk0RgcbBNQYWm2g37aD
cCnFjmfMmfs+0ZTn5wdnnbQJGKvd4tJXIzJrjnhGAUaJXZUu9hHORFFmrHLnEeT3
u7CRBTf8DRuJ7m4iifckhw/0VIUz5Be//3d9f/RJu38Ql7tv2Kkb0YY+8DP1BRVk
iOQOpoZRnVJktEx/4bg7U3WvnejeBh7R+LOc/Dnb96xw4ViyAXf/bYZkBcE33UBC
iaZEEN8GqWjM3LRKvo3F//zSUZQfJJWIsL/feGidciE+Vzz+7wt2JgtU1ymdq2xU
1eyVU4iKQhoDLjlssW0JTmrLYVZFyu3J0UVztW4dKH9+A0ISt0cqlWUHWRr2ZsKJ
lfzIEi9vLzVZWb+xt/Xz5ei/cx+I2s3ZTlowSj2NWFt5VGVLy0LxwCeyrC7N/E3I
hR8Nx/VUIl4aAQ1/1HpcQRiTrV5lPRaurkAtmY717jLeZiEHz9jOn4lj
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 74271 (0x1221f)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: May 16 04:45:44 2005 GMT
            Not After : May 16 04:45:44 2006 GMT
        Subject: C=Au, ST=NSW, L=Sydney, O=CAcert Inc., OU=System Administration, CN=OCSP Responder/emailAddress=ocsp@cacert.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b2:0b:3b:79:06:51:c4:ce:42:8b:49:ac:fe:be:
                    f0:6a:14:a6:2f:02:0c:4d:b4:db:13:64:df:a4:83:
                    7e:67:aa:d3:9a:17:79:d9:cb:61:0d:b1:5a:e8:84:
                    92:e9:ea:76:33:06:1e:4d:64:02:ad:11:6a:ae:a6:
                    69:02:66:3b:68:2b:dc:a8:ed:f2:c4:15:1a:7a:37:
                    36:08:05:25:6b:62:a6:b3:2e:cf:2a:f0:9c:73:c1:
                    13:31:41:91:0b:ca:6e:2e:7f:6c:20:9b:f7:df:3c:
                    43:87:13:fd:ea:77:42:20:f2:28:fc:ff:6d:ef:33:
                    e6:7f:57:e2:39:c3:57:76:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, OCSP Signing
            X509v3 Subject Alternative Name:
                email:ocsp@cacert.org
    Signature Algorithm: md5WithRSAEncryption
        36:f8:45:f3:b4:81:2e:00:d0:3b:11:c0:72:93:0e:9f:d1:2c:
        37:ab:13:6b:1c:da:db:f7:e6:aa:20:70:28:4a:15:15:fc:96:
        57:8d:d2:1e:70:4e:43:d5:dc:37:fd:9b:11:ee:45:2c:c0:2d:
        87:8f:67:0e:b4:31:01:4e:4a:4f:2b:fa:c0:52:08:97:0d:0e:
        64:ea:25:33:f4:4c:4b:72:d4:2f:cf:46:49:b2:bc:28:27:cd:
        52:8b:a1:6e:eb:6d:3f:17:5e:2d:40:f7:fb:be:da:f7:38:29:
        61:a4:d9:54:8d:e3:a3:9b:eb:70:ec:6d:04:59:ae:61:74:c3:
        4c:97:e5:e6:1a:d2:88:aa:e8:68:8e:8d:52:a9:7e:22:48:7c:
        20:5b:1b:86:5f:27:a4:35:8f:60:3d:95:4e:02:95:ab:88:07:
        3d:ac:e3:82:de:60:b8:f0:fa:59:e8:93:f7:c3:22:c3:18:72:
        f5:ab:b5:40:14:d2:9b:ef:a8:86:9d:47:05:ca:af:cd:93:d8:
        77:91:5d:f9:3b:4e:ff:1f:62:c1:c7:4c:4f:69:53:c3:8d:6b:
        b9:34:59:6e:b3:64:fb:d6:8b:ac:13:3e:3a:2d:0c:b7:9e:16:
        1e:0f:02:93:b4:44:84:64:a7:ad:6d:fe:d0:aa:62:36:41:d9:
        ad:3d:1a:dd:e6:ee:c1:70:ea:e3:38:88:6c:53:1a:7c:55:d9:
        40:6d:0e:f0:72:dd:30:03:f7:5c:53:cb:eb:67:39:d8:88:55:
        65:27:b6:ff:9c:6f:d8:d8:a9:b8:1c:bf:04:2e:73:53:76:2f:
        7b:7d:b1:30:42:3b:f4:03:05:b5:c0:57:f0:74:2b:8e:7a:8d:
        1d:ff:e2:5a:69:d6:92:0b:d3:a0:73:30:94:9e:03:85:95:9c:
        80:6b:5f:28:42:ec:01:c2:f9:62:50:20:e9:c7:63:1f:51:8d:
        6a:d3:e0:2e:11:db:48:0b:98:b9:74:46:01:43:a9:9b:7e:7a:
        97:4c:91:f8:ec:71:15:ef:e1:96:e9:52:62:b4:81:1f:e4:2c:
        31:73:32:fe:c7:57:22:17:a7:f6:29:b6:b3:a8:e0:0b:b2:96:
        6b:8c:56:9c:dd:6a:96:72:d7:8f:f0:00:09:0d:2b:8e:dd:f8:
        0b:a6:63:63:db:c6:cd:5a:d0:94:2f:d9:2c:69:4d:55:d0:37:
        94:ec:64:e1:de:61:62:a7:cc:3c:1c:36:ec:b3:71:f9:46:6f:
        b8:8e:30:0a:29:05:e3:43:ec:64:e2:a6:f2:95:3e:fc:69:4c:
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = AU, ST = NSW, L = Sydney, O = CAcert Inc., CN = Class 1 OCSP, emailAddress = support@cacert.org
    Produced At: Aug 23 19:22:36 2006 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: F22A621693A6DA5AD0B98D3A135E35D1EB183661
      Issuer Key Hash: 75A871604C8813F078D98977B56DC589DFBCB17A
      Serial Number: 01F5
    Cert Status: good
    This Update: Aug 23 03:45:35 2006 GMT
    Next Update: Aug 23 19:32:36 2006 GMT

    Response Extensions:
        OCSP Nonce:
            0410C0ACCB2EA53015A3245E91525625882A
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 169498 (0x2961a)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: Aug 22 07:13:24 2006 GMT
            Not After : Aug 22 07:13:24 2011 GMT
        Subject: C=AU, ST=NSW, L=Sydney, O=CAcert Inc., CN=Class 1 OCSP/emailAddress=support@cacert.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:e1:8d:ff:c8:17:9e:de:e6:91:fd:91:80:1c:0a:
                    de:e1:a4:18:ec:21:1c:f7:1a:8a:bc:01:0b:23:2e:
                    91:0d:b8:cd:73:e0:c3:9f:51:69:7e:1c:39:33:ef:
                    f4:e7:ff:ce:3c:87:1a:1f:05:8b:e7:da:13:72:34:
                    88:65:31:43:bb:30:f3:92:70:a7:8a:fb:9c:4c:0b:
                    1b:b5:72:0c:a2:27:9a:16:26:8a:6d:a6:78:0d:86:
                    e8:6d:f0:b7:19:d9:cd:a7:7e:90:87:27:4b:4e:0c:
                    c3:8c:dd:6f:b8:da:ed:7f:01:35:3c:45:f5:b2:ad:
                    7c:44:92:52:da:c6:70:38:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, OCSP Signing
            X509v3 Subject Alternative Name:
                email:support@cacert.org
    Signature Algorithm: sha1WithRSAEncryption
        34:ea:e4:99:6f:0a:3d:ad:5c:52:1c:78:05:b2:a7:df:7e:6b:
        00:37:d3:39:a9:11:1a:7c:a6:0c:c7:c0:c8:04:8a:e0:71:6c:
        ac:db:f1:30:7c:0c:56:b7:bd:4e:d4:bb:d3:9d:6f:ea:2a:16:
        00:67:52:ff:0a:68:e8:0b:00:e5:86:d5:85:d8:a2:f8:fb:8d:
        e6:38:2c:bf:d5:a7:34:f7:18:1b:49:5e:a8:20:76:bc:a9:84:
        2d:fd:d7:04:ef:4e:44:83:ed:8d:94:da:22:cb:45:43:34:73:
        a5:a6:6f:4d:fc:76:5e:61:3e:fa:6a:8d:e6:44:e0:ee:ad:24:
        6d:34:ae:44:1e:39:31:bb:1a:de:33:31:38:8c:07:06:fe:69:
        c1:27:e2:20:fb:5b:0a:fe:7b:ea:61:91:45:64:3b:61:d5:15:
        29:21:c8:fd:e9:7a:d9:34:46:07:1b:04:d4:18:5a:6d:a0:df:
        b6:83:70:29:c5:8e:67:cc:99:fb:3e:d1:94:e7:e7:07:67:9d:
        b4:09:18:ab:dd:e2:d2:57:23:32:6b:8e:78:46:01:46:89:5d:
        95:2e:f6:11:ce:44:51:66:ac:72:e7:11:e4:f7:bb:b0:91:05:
        37:fc:0d:1b:89:ee:6e:22:89:f7:24:87:0f:f4:54:85:33:e4:
        17:bf:ff:77:7d:7f:f4:49:bb:7f:10:97:bb:6f:d8:a9:1b:d1:
        86:3e:f0:33:f5:05:15:64:88:e4:0e:a6:86:51:9d:52:64:b4:
        d6:71:f9:c5:cd:3b:ae:6f:19:be:90:79:42:a8:52:77:84:ac:
        cb:6c:75:af:b5:61:62:6c
-----BEGIN CERTIFICATE-----
MIIEYzCCAkugAwIBAgIDASIfMA0GCSqGSIb3DQEBBAUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTA1MDUxNjA0NDU0NFoXDTA2MDUxNjA0NDU0NFowgZsx
CzAJBgNVBAYTAkF1MQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIG
A1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFVN5c3RlbSBBZG1pbmlzdHJhdGlv
bjEXMBUGA1UEAxMOT0NTUCBSZXNwb25kZXIxHjAcBgkqhkiG9w0BCQEWD29jc3BA
Y2FjZXJ0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsgs7eQZRxM5C
i0ms/r7wahSmLwIMTbTbE2TfpIN+Z6rTmhd52cthDbFa6ISS6ep2MwYeTWQCrRFq
rqZpAmY7aCvcqO3yxBUaejc2CAUla2Kmsy7PKvCcc8ETMUGRC8puLn9sIJv33zxD
hxP96ndCIPIo/P9t7zPmf1fiOcNXdisCAwEAAaNVMFMwDAYDVR0TAQH/BAIwADAn
BgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUFBwMJMBoGA1UdEQQT
MBGBD29jc3BAY2FjZXJ0Lm9yZzANBgkqhkiG9w0BAQQFAAOCAgEANvhF87SBLgDQ
OxHAcpMOn9EsN6sTaxza2/fmqiBwKEoVFfyWV43SHnBOQ9XcN/2bEe5FLMAth49n
DrQxAU5KTyv6wFIIlw0OZOolM/RMS3LUL89GSbK8KCfNUouhbuttPxdeLUD3+77a
9zgpYaTZVI3jo5vrcOxtBFmuYXTDTJfl5hrSiKroaI6NUql+Ikh8IFsbhl8npDWP
YD2VTgKVq4gHPazjgt5guPD6WeiT98Miwxhy9au1QBTSm++ohp1HBcqvzZPYd5Fd
+TtO/x9iwcdMT2lTw41ruTRZbrNk+9aLrBM+Oi0Mt54WHg8Ck7REhGSnrW3+0Kpi
NkHZrT0a3ebuwXDq4ziIbFMafFXZQG0O8HLdMAP3XFPL62c52IhVZSe2/5xv2Nip
uBy/BC5zU3Yve32xMEI79AMFtcBX8HQrjnqNHf/iWmnWkgvToHMwlJ4DhZWcgGtf
KELsAcL5YlAg6cdjH1GNatPgLhHbSAuYuXRGAUOpm356l0yR+OxxFe/hlulSYrSB
H+QsMXMy/sdXIhen9im2s6jgC7KWa4xWnN1qlnLXj/AACQ0rjt34C6ZjY9vGzVrQ
lC/ZLGlNVdA3lOxk4d5hYqfMPBw27LNx+UZvuI4wCikF40PsZOKm8pU+/GlM1nH5
xc07rm8ZvpB5QqhSd4Ssy2x1r7VhYmw=
-----END CERTIFICATE-----
        4c:7f:e1:b8:3b:53:75:af:9d:e8:de:06:1e:d1:f8:b3:9c:fc:
        39:db:f7:ac:70:e1:58:b2:01:77:ff:6d:86:64:05:c1:37:dd:
        40:42:89:a6:44:10:df:06:a9:68:cc:dc:b4:4a:be:8d:c5:ff:
        fc:d2:51:94:1f:24:95:88:b0:bf:df:78:68:9d:72:21:3e:57:
        3c:fe:ef:0b:76:26:0b:54:d7:29:9d:ab:6c:54:d5:ec:95:53:
        88:8a:42:1a:03:2e:39:6c:b1:6d:09:4e:6a:cb:61:56:45:ca:
        ed:c9:d1:45:73:b5:6e:1d:28:7f:7e:03:42:12:b7:47:2a:95:
        65:07:59:1a:f6:66:c2:89:95:fc:c8:12:2f:6f:2f:35:59:59:
        bf:b1:b7:f5:f3:e5:e8:bf:73:1f:88:da:cd:d9:4e:5a:30:4a:
        3d:8d:58:5b:79:54:65:4b:cb:42:f1:c0:27:b2:ac:2e:cd:fc:
        4d:c8:85:1f:0d:c7:f5:54:22:5e:1a:01:0d:7f:d4:7a:5c:41:
        18:93:ad:5e:65:3d:16:ae:ae:40:2d:99:8e:f5:ee:32:de:66:
        21:07:cf:d8:ce:9f:89:63
-----BEGIN CERTIFICATE-----
MIIERjCCAi6gAwIBAgIDApYaMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTA2MDgyMjA3MTMyNFoXDTExMDgyMjA3MTMyNFowfDEL
MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYD
VQQKEwtDQWNlcnQgSW5jLjEVMBMGA1UEAxMMQ2xhc3MgMSBPQ1NQMSEwHwYJKoZI
hvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOGN/8gXnt7mkf2RgBwK3uGkGOwhHPcairwBCyMukQ24zXPgw59RaX4c
OTPv9Of/zjyHGh8Fi+faE3I0iGUxQ7sw85Jwp4r7nEwLG7VyDKInmhYmim2meA2G
6G3wtxnZzad+kIcnS04Mw4zdb7ja7X8BNTxF9bKtfESSUtrGcDi1AgMBAAGjWDBW
MAwGA1UdEwEB/wQCMAAwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggr
BgEFBQcDCTAdBgNVHREEFjAUgRJzdXBwb3J0QGNhY2VydC5vcmcwDQYJKoZIhvcN
AQEFBQADggIBADTq5JlvCj2tXFIceAWyp99+awA30zmpERp8pgzHwMgEiuBxbKzb
8TB8DFa3vU7Uu9Odb+oqFgBnUv8KaOgLAOWG1YXYovj7jeY4LL/VpzT3GBtJXqgg
dryphC391wTvTkSD7Y2U2iLLRUM0c6Wmb038dl5hPvpqjeZE4O6tJG00rkQeOTG7
Gt4zMTiMBwb+acEn4iD7Wwr+e+phkUVkO2HVFSkhyP3petk0RgcbBNQYWm2g37aD
cCnFjmfMmfs+0ZTn5wdnnbQJGKvd4tJXIzJrjnhGAUaJXZUu9hHORFFmrHLnEeT3
u7CRBTf8DRuJ7m4iifckhw/0VIUz5Be//3d9f/RJu38Ql7tv2Kkb0YY+8DP1BRVk
iOQOpoZRnVJktEx/4bg7U3WvnejeBh7R+LOc/Dnb96xw4ViyAXf/bYZkBcE33UBC
iaZEEN8GqWjM3LRKvo3F//zSUZQfJJWIsL/feGidciE+Vzz+7wt2JgtU1ymdq2xU
1eyVU4iKQhoDLjlssW0JTmrLYVZFyu3J0UVztW4dKH9+A0ISt0cqlWUHWRr2ZsKJ
lfzIEi9vLzVZWb+xt/Xz5ei/cx+I2s3ZTlowSj2NWFt5VGVLy0LxwCeyrC7N/E3I
hR8Nx/VUIl4aAQ1/1HpcQRiTrV5lPRaurkAtmY717jLeZiEHz9jOn4lj
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 74271 (0x1221f)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: May 16 04:45:44 2005 GMT
            Not After : May 16 04:45:44 2006 GMT
        Subject: C=Au, ST=NSW, L=Sydney, O=CAcert Inc., OU=System Administration, CN=OCSP Responder/emailAddress=ocsp@cacert.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b2:0b:3b:79:06:51:c4:ce:42:8b:49:ac:fe:be:
                    f0:6a:14:a6:2f:02:0c:4d:b4:db:13:64:df:a4:83:
                    7e:67:aa:d3:9a:17:79:d9:cb:61:0d:b1:5a:e8:84:
                    92:e9:ea:76:33:06:1e:4d:64:02:ad:11:6a:ae:a6:
                    69:02:66:3b:68:2b:dc:a8:ed:f2:c4:15:1a:7a:37:
                    36:08:05:25:6b:62:a6:b3:2e:cf:2a:f0:9c:73:c1:
                    13:31:41:91:0b:ca:6e:2e:7f:6c:20:9b:f7:df:3c:
                    43:87:13:fd:ea:77:42:20:f2:28:fc:ff:6d:ef:33:
                    e6:7f:57:e2:39:c3:57:76:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, OCSP Signing
            X509v3 Subject Alternative Name:
                email:ocsp@cacert.org
    Signature Algorithm: md5WithRSAEncryption
        36:f8:45:f3:b4:81:2e:00:d0:3b:11:c0:72:93:0e:9f:d1:2c:
        37:ab:13:6b:1c:da:db:f7:e6:aa:20:70:28:4a:15:15:fc:96:
        57:8d:d2:1e:70:4e:43:d5:dc:37:fd:9b:11:ee:45:2c:c0:2d:
        87:8f:67:0e:b4:31:01:4e:4a:4f:2b:fa:c0:52:08:97:0d:0e:
        64:ea:25:33:f4:4c:4b:72:d4:2f:cf:46:49:b2:bc:28:27:cd:
        52:8b:a1:6e:eb:6d:3f:17:5e:2d:40:f7:fb:be:da:f7:38:29:
        61:a4:d9:54:8d:e3:a3:9b:eb:70:ec:6d:04:59:ae:61:74:c3:
        4c:97:e5:e6:1a:d2:88:aa:e8:68:8e:8d:52:a9:7e:22:48:7c:
        20:5b:1b:86:5f:27:a4:35:8f:60:3d:95:4e:02:95:ab:88:07:
        3d:ac:e3:82:de:60:b8:f0:fa:59:e8:93:f7:c3:22:c3:18:72:
        f5:ab:b5:40:14:d2:9b:ef:a8:86:9d:47:05:ca:af:cd:93:d8:
        77:91:5d:f9:3b:4e:ff:1f:62:c1:c7:4c:4f:69:53:c3:8d:6b:
        b9:34:59:6e:b3:64:fb:d6:8b:ac:13:3e:3a:2d:0c:b7:9e:16:
        1e:0f:02:93:b4:44:84:64:a7:ad:6d:fe:d0:aa:62:36:41:d9:
        ad:3d:1a:dd:e6:ee:c1:70:ea:e3:38:88:6c:53:1a:7c:55:d9:
        40:6d:0e:f0:72:dd:30:03:f7:5c:53:cb:eb:67:39:d8:88:55:
        65:27:b6:ff:9c:6f:d8:d8:a9:b8:1c:bf:04:2e:73:53:76:2f:
        7b:7d:b1:30:42:3b:f4:03:05:b5:c0:57:f0:74:2b:8e:7a:8d:
        1d:ff:e2:5a:69:d6:92:0b:d3:a0:73:30:94:9e:03:85:95:9c:
        80:6b:5f:28:42:ec:01:c2:f9:62:50:20:e9:c7:63:1f:51:8d:
        6a:d3:e0:2e:11:db:48:0b:98:b9:74:46:01:43:a9:9b:7e:7a:
        97:4c:91:f8:ec:71:15:ef:e1:96:e9:52:62:b4:81:1f:e4:2c:
        31:73:32:fe:c7:57:22:17:a7:f6:29:b6:b3:a8:e0:0b:b2:96:
        6b:8c:56:9c:dd:6a:96:72:d7:8f:f0:00:09:0d:2b:8e:dd:f8:
        0b:a6:63:63:db:c6:cd:5a:d0:94:2f:d9:2c:69:4d:55:d0:37:
        94:ec:64:e1:de:61:62:a7:cc:3c:1c:36:ec:b3:71:f9:46:6f:
        b8:8e:30:0a:29:05:e3:43:ec:64:e2:a6:f2:95:3e:fc:69:4c:
        d6:71:f9:c5:cd:3b:ae:6f:19:be:90:79:42:a8:52:77:84:ac:
        cb:6c:75:af:b5:61:62:6c
-----BEGIN CERTIFICATE-----
MIIEYzCCAkugAwIBAgIDASIfMA0GCSqGSIb3DQEBBAUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTA1MDUxNjA0NDU0NFoXDTA2MDUxNjA0NDU0NFowgZsx
CzAJBgNVBAYTAkF1MQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIG
A1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFVN5c3RlbSBBZG1pbmlzdHJhdGlv
bjEXMBUGA1UEAxMOT0NTUCBSZXNwb25kZXIxHjAcBgkqhkiG9w0BCQEWD29jc3BA
Y2FjZXJ0Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsgs7eQZRxM5C
i0ms/r7wahSmLwIMTbTbE2TfpIN+Z6rTmhd52cthDbFa6ISS6ep2MwYeTWQCrRFq
rqZpAmY7aCvcqO3yxBUaejc2CAUla2Kmsy7PKvCcc8ETMUGRC8puLn9sIJv33zxD
hxP96ndCIPIo/P9t7zPmf1fiOcNXdisCAwEAAaNVMFMwDAYDVR0TAQH/BAIwADAn
BgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUFBwMJMBoGA1UdEQQT
MBGBD29jc3BAY2FjZXJ0Lm9yZzANBgkqhkiG9w0BAQQFAAOCAgEANvhF87SBLgDQ
OxHAcpMOn9EsN6sTaxza2/fmqiBwKEoVFfyWV43SHnBOQ9XcN/2bEe5FLMAth49n
DrQxAU5KTyv6wFIIlw0OZOolM/RMS3LUL89GSbK8KCfNUouhbuttPxdeLUD3+77a
9zgpYaTZVI3jo5vrcOxtBFmuYXTDTJfl5hrSiKroaI6NUql+Ikh8IFsbhl8npDWP
YD2VTgKVq4gHPazjgt5guPD6WeiT98Miwxhy9au1QBTSm++ohp1HBcqvzZPYd5Fd
+TtO/x9iwcdMT2lTw41ruTRZbrNk+9aLrBM+Oi0Mt54WHg8Ck7REhGSnrW3+0Kpi
NkHZrT0a3ebuwXDq4ziIbFMafFXZQG0O8HLdMAP3XFPL62c52IhVZSe2/5xv2Nip
uBy/BC5zU3Yve32xMEI79AMFtcBX8HQrjnqNHf/iWmnWkgvToHMwlJ4DhZWcgGtf
KELsAcL5YlAg6cdjH1GNatPgLhHbSAuYuXRGAUOpm356l0yR+OxxFe/hlulSYrSB
H+QsMXMy/sdXIhen9im2s6jgC7KWa4xWnN1qlnLXj/AACQ0rjt34C6ZjY9vGzVrQ
lC/ZLGlNVdA3lOxk4d5hYqfMPBw27LNx+UZvuI4wCikF40PsZOKm8pU+/GlM1nH5
xc07rm8ZvpB5QqhSd4Ssy2x1r7VhYmw=
-----END CERTIFICATE-----
Response verify OK
OCSP-1.crt: good
        This Update: Aug 23 19:11:15 2006 GMT
        Next Update: Aug 23 19:32:36 2006 GMT
Response Verify Failure
24835:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148:
OCSP-3.crt: good
        This Update: Aug 23 03:45:35 2006 GMT
        Next Update: Aug 23 19:32:36 2006 GMT

Issue History

Date Modified Username Field Change
2006-05-19 13:55 Daiki Ueno New Issue
2006-07-06 11:47 Red_Blue Note Added: 0000260
2006-08-04 01:43 Sourcerer Relationship added has duplicate 0000270
2006-08-09 10:09 taral Note Added: 0000355
2006-08-12 00:28 cassee Note Added: 0000363
2006-08-14 16:14 duane Status new => needs work
2006-08-14 16:14 duane Assigned To => snewpy
2006-08-21 10:06 homer Note Added: 0000619
2006-08-21 10:08 homer Assigned To snewpy => homer
2006-08-21 10:08 homer Priority normal => high
2006-08-21 18:14 Sourcerer Note Added: 0000620
2006-08-23 09:39 Sourcerer Status needs work => closed
2006-08-23 09:39 Sourcerer Note Added: 0000627
2006-08-23 09:39 Sourcerer Resolution open => fixed
2006-08-23 09:39 Sourcerer Fixed in Version => production
2006-08-23 17:19 homer Note Added: 0000629
2006-08-23 18:41 duane Note Added: 0000631
2006-08-24 00:21 Sourcerer Note Added: 0000633
2006-08-24 05:52 homer Note Added: 0000636
2013-01-14 08:42 Werner Dworak Assigned To homer =>
2013-01-14 08:42 Werner Dworak Fixed in Version => 2006