Hi,
in Yours Examples SoftHSM2 tokens, the OCSP for Cert Label : GemBoxECDsa521 into Token GemBoxECDsaToken not working.
GET https://www.gemboxsoftware.com/test/pki/ocsp/GemBoxECDsa => HTTP/1.1 301 Moved Permanently
=> https://www.gemboxsoftware.com/test/pki/ocsp/GemBoxECDsa/ => HTTP/1.1 404 Not Found
Regars
Pawel
PS. This non-functioning OCSP link may be the reason for long UniTest durations when signing, for example, with LTA.
Hi,
This is intended behavior.
We do not run any On-line Certificate Status Protocol server.
As explained in the GemBox Test Certification Practice Statement which can be retrieved from the ‘Certificate Policies’ extension of any GemBox certificate, OCSP responder is inactive.
In that case revocation status should be checked via an alternative method, such as ‘CRL Distribution Points’ and GemBox certificates have such an extension that points to the existing certificate revocation list file.
In your specific case, it points to the CRL GemBoxECDsa.crl that revokes the certificate with the serial number 02 (GemBoxECDsa224.crt) as explained in the GemBox Test Certification Practice Statement.
Regards,
Stipo
