Same problem here. "dgnservice Root 11:PN" is in the trust store, which is the root of both, "dgnservice qCA 12:PN" and "dgnservice qOCSP 23:PN". It *should* validate, although is doesn't and raises an error: "Unterschrift der OCSP-Antwort ist ungültig" (Signature of OCSP-Response is invalid).
It looks like a problem with the OCSP implementation as other tools (eg. openssl) can validate that successfully.
Stefan
supported this idea
·
Same problem here. "dgnservice Root 11:PN" is in the trust store, which is the root of both, "dgnservice qCA 12:PN" and "dgnservice qOCSP 23:PN". It *should* validate, although is doesn't and raises an error: "Unterschrift der OCSP-Antwort ist ungültig" (Signature of OCSP-Response is invalid).
It looks like a problem with the OCSP implementation as other tools (eg. openssl) can validate that successfully.