Hi, I couldn't get OCSP revocation check to work on Windows 7. I installed my self-signed Root and Intermediate certificates (generated using openssl 0.9.8) on my Windows 7 machine. I then go to Internet Explorer and type in the https://....com:4440. The port sends back a leaf certificate which has OCSP URL in the extension. And the leaf cert is revoked. I verified it using openssl ocsp -url http://xxx -issuer Ica.crt -cert leaf.crt -CAfile Root.crt. In IE, type in https://....com:4440. It appears that it took some time (15 seconds) and come back with connection instead of revocation warning. Openssl OCSP responder log says "malformed request". If I ping the same from a Windows Vista machine, there is no problem. Is there a security patch that I need to install or some settings to flip to enable this check? BTW, I do have in IE/Tools/Internet options/Advanced/Security: "check for server certificate revocation" box checked. Thanks! -M Plunkett