Windows 7 OCSP malformed request

Discussion in 'Windows 7 Help and Support' started by plunkett, Apr 8, 2011.

  1. plunkett

    Hi,

    I couldn't get the OCSP revocation check to work on Windows 7. I installed my self-signed Root and Intermediate certificates (generated using openssl 0.9.8) on my Windows 7 machine. I then go to Internet Explorer and type in https://....com:4440. The port sends back a leaf certificate which has an OCSP URL in the extension. And the leaf cert is revoked. I verified it using openssl ocsp -url http://xxx -issuer Ica.crt -cert leaf.crt -CAfile Root.crt.

    In IE, type in https://....com:4440. It appears that it took some time (15 seconds) and came back with a connection instead of a revocation warning. The OpenSSL OCSP responder log says "malformed request". If I ping the same from a Windows Vista machine, there is no problem.

    Is there a security patch that I need to install or some settings to flip to enable this check? BTW, I do have in IE/Tools/Internet options/Advanced/Security: "check for server certificate revocation" box checked.

    Thanks!
    -M Plunkett
     
  2. plunkett

    I am using the TORSEC OCSPD responder. The Windows 7 client sends only HTTP GET to OCSPD, instead of HTTP GET and HTTP POST (if GET failed) as CryptAPI 2.0 does in a Windows Vista client. So, my problem is why the Windows 7 client never switches to HTTP POST when HTTP GET fails.

    -M Plunkett
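
For reference when debugging a GET-only client against a responder that logs "malformed request": RFC 6960 (Appendix A.1) defines the GET form as the responder URL, a slash, then the URL-encoded base64 of the DER OCSPRequest. The sketch below is an added example, not part of the original posts and not OCSPD code; the function names, the `/ocsp` base path and the sample bytes are constructed for illustration. It shows the responder-side decoding and two ways a GET path gets mangled before it can be parsed.

```python
import base64
import binascii
from urllib.parse import quote, unquote

# Constructed sample: a 7-byte DER SEQUENCE, not a real OCSPRequest. Its base64
# form "MAU+////AQ==" contains '+', '/' and '=', the characters GET can mangle.
SAMPLE_DER = bytes.fromhex("30053effffff01")

def encode_get_path(der: bytes, base_path: str) -> str:
    """Client side: base path + '/' + url-encoded base64 of the DER request."""
    b64 = base64.b64encode(der).decode("ascii")
    return base_path.rstrip("/") + "/" + quote(b64, safe="")

def check_der_sequence(der: bytes) -> None:
    """An OCSPRequest is one DER SEQUENCE whose length covers all the bytes."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag")
    if der[1] < 0x80:                      # short-form length
        length, header = der[1], 2
    else:                                  # long-form length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        raise ValueError("DER length does not match the bytes received")

def decode_get_path(path: str, base_path: str) -> bytes:
    """Responder side: recover the DER request from a GET path or raise ValueError."""
    prefix = base_path.rstrip("/") + "/"
    if not path.startswith(prefix):
        raise ValueError("path is outside the responder base path")
    # Percent-decode only. unquote_plus() would turn the base64 '+' into a space.
    b64 = unquote(path[len(prefix):])
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    check_der_sequence(der)
    return der

if __name__ == "__main__":
    good = encode_get_path(SAMPLE_DER, "/ocsp")
    print(good, decode_get_path(good, "/ocsp").hex())
    # Constructed bad paths: collapsed slashes, and '+' rewritten as a space.
    for bad in ("/ocsp/MAU+/AQ==", "/ocsp/MAU%20%2F%2F%2F%2FAQ%3D%3D"):
        try:
            decode_get_path(bad, "/ocsp")
        except ValueError as exc:
            print(bad, "->", exc)
```

Feeding the request path from the responder's access log through `decode_get_path` shows whether the bytes that arrived still form a single DER SEQUENCE, which separates transport mangling from a problem in the request itself.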
     
