OCSP blocked or timeout on Windows 7
Hi, I couldn't get OCSP revocation check to work on Windows 7. I installed my self-signed Root and Intermediate certificates on my Windows 7 machine. I then go to Internet Explorer and type in the https://....com:4440. The port sends back a leaf certificate which has OCSP URL in the extension. And the leaf cert is revoked. I verified it using openssl ocsp -url http://xxx -issuer Ica.crt -cert leaf.crt -CAfile Root.crt. In IE, type in https://....com:4440. It appears that it took some time (15 seconds) and come back with connection instead of revocation warning. Is there a security patch that I need to install or some settings to flip to enable this check? BTW, I do have in IE/Tools/Internet options/Advanced/Security: "check for server certificate revocation" box checked. Thanks! -M Plunkett
March 29th, 2011 7:00pm

Hi, I suggest adding the Certificate Snap-In in mmc for the Computer Account (rather than user account). Imported the certificate to the Trusted Root Certificates Authorities and Intermediate Certificates Authorities. Also check the following article. Hope it helps. http://technet.microsoft.com/en-us/library/cc753468.aspx Best Regards, NikiPlease remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 31st, 2011 6:08am

Thanks Niki. I tried that. It doesn't work either. I ran certutil: certutil -user -verify -urlfetch leafOCSP.crt I got this error: Failed "OCSP" Time: 0 Error retrieving URL: The server returned an invalid or unrecognized response 0x80072f78 (WIN32: 12152) By looking at the log on OCSP responder, I saw error "wrong header in HTTP request". I haven't located a free HTTP sniffer that works on Windows 7 to see what's going. Any ideas? Thanks!
April 4th, 2011 11:37pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics