I am trying to debug why Windows does not accept the responses from my OCSP responder as valid. I am using the command
CertUtil -downloadOcsp .\certs .\ocsp_responses downloadonce
A single p7b certificate is in the certs directory. I read the log of my openssl 1.1.1f OCSP responder in real-time, and I can see that
the connection is made. And the output from certutil looks like it downloads the response. But certutil reports an error, and no ocsp response is saved in .\ocsp_responses
The output from certutil is:
7/6/2021 2:43 PM 14.488s :: Check certificate files in directory <certs>
7/6/2021 2:43 PM 14.488s :: Open OCSP subject certificate file -- saratoga.candy-land.name_exchange_20210630145440_exchange.p7b
7/6/2021 2:43 PM 14.498s :: Add OCSP response file -- <8958F37AF76E2151B548E950719789A1FA705F0A> <saratoga.candy-land.name> <ca-sub.candyland.org> <saratoga.candy-land.name_exchange_20210630145440_exchange.p7b>
7/6/2021 2:43 PM 14.498s :: Waiting for 1 download OCSP reponses to complete
==== Downloaded OCSP Responses ====
7/6/2021 2:43 PM 14.498s :: Error => Pending OCSP response download -- <8958F37AF76E2151B548E950719789A1FA705F0A> <saratoga.candy-land.name> <ca-sub.candyland.org> <saratoga.candy-land.name_exchange_20210630145440_exchange.p7b>
Total: 1 Downloaded: 0 Warnings: 0 Pending: 1 Errors: 0 Maximum Thread Count: 2
CertUtil: -downloadOcsp command completed successfully.
I get the same behavior on Windows 10 Pro, and Windows Server 2019. The OCSP responder is openssl 1.1.1f
What might the problem be, and How can I correct it?
