Cisco Bug: CSCuo21403 - OCSP client requires response to be signed with chain ends with issuer
Last Modified
Jun 10, 2016
Products (1)
- Cisco Identity Services Engine
Known Affected Releases
1.3(0.592)
Description (partial)
Symptom: In openSSL 0.9.8r used in ISE 1.3 the OCSP response signer certificate must have the self-signed root that is equal to the issuer of the certificate being validated or must be self-signed itself. This restriction blocks Internal CA OCSP Responder from implementing the designed certificate scheme. See attached mail thread for more details. Error Conditions: OCSP signing certificate has root different from the issuer of certificate being verified for revocation.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases