我正在尝试调试为什么 Windows 不接受来自我的 OCSP 响应器的响应为有效。我正在使用命令
CertUtil -downloadOcsp .\certs .\ocsp_responses downloadonce
certs 目录中有一个 p7b 证书。我实时读取了 openssl 1.1.1f OCSP 响应器的日志,我可以看到连接已建立。certutil 的输出看起来像是下载了响应。但 certutil 报告了一个错误,并且没有 ocsp 响应保存在 .\ocsp_responses 中
certutil 的输出是:
7/6/2021 2:43 PM 14.488s :: Check certificate files in directory <certs>
7/6/2021 2:43 PM 14.488s :: Open OCSP subject certificate file -- saratoga.candy-land.name_exchange_20210630145440_exchange.p7b
7/6/2021 2:43 PM 14.498s :: Add OCSP response file -- <8958F37AF76E2151B548E950719789A1FA705F0A> <saratoga.candy-land.name> <ca-sub.candyland.org> <saratoga.candy-land.name_exchange_20210630145440_exchange.p7b>
7/6/2021 2:43 PM 14.498s :: Waiting for 1 download OCSP reponses to complete
==== Downloaded OCSP Responses ====
7/6/2021 2:43 PM 14.498s :: Error => Pending OCSP response download -- <8958F37AF76E2151B548E950719789A1FA705F0A> <saratoga.candy-land.name> <ca-sub.candyland.org> <saratoga.candy-land.name_exchange_20210630145440_exchange.p7b>
Total: 1 Downloaded: 0 Warnings: 0 Pending: 1 Errors: 0 Maximum Thread Count: 2
CertUtil: -downloadOcsp command completed successfully.
我在 Windows 10 Pro 和 Windows Server 2019 上遇到了同样的问题。OCSP 响应器是 openssl 1.1.1f
可能存在什么问题?我该如何解决它?