What is the use of the responderID in the OCSP response?

I am not clear on the use of the responder ID in the definition of the OCSP response.

I am doing OCSP checks via Java's PKIX APIs.

Using a third-party library I get (during the OCSP response processing):

java.security.cert.CertPathValidatorException: Could not determine revocation status: ResponderID in response did not match responder certificate.

If I switch to the default provider (e.g. SUN), I get no such exception and the revocation check works fine.

Looking into this more, it seems that this exception is related to whether the identifier of the responder will use the key hash of the public key of the signing certificate or the subject of the signing certificate.

I do not know what the difference is, though, or why SUN's implementation does not have a problem with the OCSP response.

I do not want to jump to conclusions and drop the other library before I understand what is going on here.

Could someone please help me understand what could be the problem here?

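The ResponderID allows the client to find the certificate among the certificates supplied by the server or, when no certificate is supplied, among the certificates stored locally on the client.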
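How a client can match the two ResponderID forms from RFC 6960 (byName and byKey) against candidate certificates, shown as an added example that is not code from the original post or from either provider. The `Candidate` record, the class and method names, and the sample subjects and keys are hypothetical and constructed for illustration.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class ResponderIdMatch {
    // Hypothetical stand-in for X509Certificate (getSubjectX500Principal(), getPublicKey()).
    record Candidate(X500Principal subject, PublicKey key) {}

    // RFC 6960 KeyHash: SHA-1 over the contents of the subjectPublicKey BIT STRING
    // (no tag, length or unused-bits octet), not over the whole SubjectPublicKeyInfo.
    static byte[] keyHash(PublicKey key) throws GeneralSecurityException {
        byte[] spki = key.getEncoded();            // DER SubjectPublicKeyInfo
        int[] pos = {0};
        readHeader(spki, pos, 0x30);               // outer SEQUENCE
        int algLen = readHeader(spki, pos, 0x30);  // AlgorithmIdentifier
        pos[0] += algLen;                          // skip its contents
        int bitLen = readHeader(spki, pos, 0x03);  // BIT STRING
        byte[] raw = Arrays.copyOfRange(spki, pos[0] + 1, pos[0] + bitLen);
        return MessageDigest.getInstance("SHA-1").digest(raw);
    }

    // Reads one DER tag and definite length; returns the content length.
    static int readHeader(byte[] d, int[] pos, int tag) {
        if ((d[pos[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int len = d[pos[0]++] & 0xff;
        if (len < 0x80) return len;
        int n = len & 0x7f;
        for (len = 0; n > 0; n--) len = (len << 8) | (d[pos[0]++] & 0xff);
        return len;
    }

    // ResponderID is a CHOICE: pass exactly one of byName / byKey, the other null.
    static Optional<Candidate> find(X500Principal byName, byte[] byKey, List<Candidate> certs)
            throws GeneralSecurityException {
        for (Candidate c : certs) {
            boolean hit = byName != null ? byName.equals(c.subject())
                                         : MessageDigest.isEqual(byKey, keyHash(c.key()));
            if (hit) return Optional.of(c);
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        // Constructed sample data: freshly generated keys with made-up subjects.
        Candidate ca = new Candidate(new X500Principal("CN=Example CA"), g.generateKeyPair().getPublic());
        Candidate ocsp = new Candidate(new X500Principal("CN=Example OCSP"), g.generateKeyPair().getPublic());
        List<Candidate> certs = List.of(ca, ocsp);
        System.out.println(find(ocsp.subject(), null, certs).isPresent());       // byName lookup
        System.out.println(find(null, keyHash(ocsp.key()), certs).isPresent());  // byKey lookup
        byte[] spkiHash = MessageDigest.getInstance("SHA-1").digest(ocsp.key().getEncoded());
        System.out.println(find(null, spkiHash, certs).isPresent());             // hash of whole SPKI
    }
}
```

The last lookup hashes the entire SubjectPublicKeyInfo instead of the BIT STRING contents, so it selects no candidate even though the key is the right one.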
