Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-3732

clientToolbox ocsp test was not updated after that the root certificate was removed from the certificate chain in the OCSP response.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.2.2
    • Component/s: CLI
    • Labels:
      None
    • Issue discovered during:
      Customer

      Description

      the "clientToolBox ocsp" client has to be fixed to handle the new behavior described in ECA-3351.
      The tests fails since it is assumed that the last cert in the chain is a root and should be self signed.
      A new certificate that is the cert below the last cert in the response chain could be added as an optional new parameter. This will be the root CA cert (chain) or the signer issuer cert (no chain). If this new parameter is present the last cert in the received chain will be tested and otherwise not.
      It is important that we have a tool that could verify the whole chain in a response when an installation is tested.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              lars Lars Silvén
              Reporter:
              lars Lars Silvén
              Verified by:
              Mike Agrenius Kushner
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: