cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
973
Views
0
Helpful
1
Replies

OCSP request signature required. ASA 5540 8.2(4)

diegobalboa
Level 1
Level 1

Hi,

I need to check client´s certificate revocation status and I am using OCSP. I have an ASA 5540 with 8.2(4) software and ASDM 6.4.9.

I have the next log message from OCSP responder:

"OCSP status check failed. Reason: OCSP response status - request signature required."

OCSP server admin says that I have to sign OCSP requests with a certificate, which i have installed in my  ASA device. If request is signed, OCSP responder will give a response about the revocation status of the certificate, and this response will be signed by this server too. I have installed into ASA the OCSP´s responder certificate to validate de response from server.

I need to know if i can sign OCSP request using my client certificate, and if it is possible, how I can configure the ASA to sign it.

Thanks a lot for help :-)

1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Diego,

There is an enhancement request open on our side:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsx67202

i.e. currently no-go. Check with your account manager or SE.

M.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: