ooh found it…
Turned out I copied the wrong certificate from the chain file.
Both certs are idetical.
ocspcertficate.pem should be:
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgISA/n/t9mIhy7+NJx3XKtWqygpMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
BAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1
dGhvcml0eSBYMzAeFw0xNzExMTIxMDQ5NTFaFw0xODAyMTAxMDQ5NTFaMBMxETAPBgNVBAMTCHNl
YmJlLmV1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuqwO3afPEQWrZsG4+9XCZiI
J3jKg5YSPpldg14RFMSu9WdtmVCtDGZq1SNpLM2IJ9EdOUYT8pDNwQYB9XL3XixIOLACOWVrn6Bm
la8CKHPaZ2OC0i0mnfugubHa9PG3JTWQHH0GhrIuvR32BYDQoCQHaNk1aixHDiEvNX7cqn5+T+xa
+PPTRu6bB4xjCcqfmin/0HNwmJaHWLmxM6xBgBZg7rjcxiiwZU1JfCrvjrdIJ1fhKG4058BczXRk
mxsUbHKI5X4xLiswrCOCZ6c10QpDNB+PlI33eBdvAkqjHE9CBPm4X1oXXmw9C/Ym1ifGaw5hXC55
t8NKyhhBAj18qwIDAQABo4ICczCCAm8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR4+Qq8zo+0n1bMLMYq5S0WRva8
tTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYB
BQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0
dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMH4GA1UdEQR3MHWCDWRuczEuc2ViYmUu
ZXWCDWRuczIuc2ViYmUuZXWCDWltYXAuc2ViYmUuZXWCDW1haWwuc2ViYmUuZXWCEHByaW50ZXIu
c2ViYmUuZXWCCHNlYmJlLmV1gg1zbXRwLnNlYmJlLmV1ggx3d3cuc2ViYmUuZXUwgf4GA1UdIASB
9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
LmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBv
bmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRh
bmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNy
eXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEALCzTAfuNue2xgdPACpWRgykR
6DMkSTH5J1q6oNsxRDHBn9GO4Xdx2Sz1wb3COdx/2Dcl23ay6wut410fh5MutpyZ0aS/vPdMNyz4
bwQf2jfveY76slbQBi9x1Nrh2HlfojbHf2vVSgHdpYgCf8AfJ1kO0ELWZQVXkjkiG1taHG9rMc5E
/UG6oe6QmkGD/J6CO8UTSagY4McCzLi3sKITihVBhbJGK3S3vM5OSbDtTYUV4HKzoFscRRHpPTsS
q8ojHnK97B21xKSqN0uKPfliOezzVAYsqJpJ/oTdkG2EMF9oM5PeeQY3CmynPVAyEFbAbnSUsEfU
j5c3KkAqRykquQ==
-----END CERTIFICATE-----
A bit complicated to find which certificate is which, especially in a fullchain.pem file
Anyways, now I get the following:
WARNING: no nonce in response
Response Verify Failure
140482443708056:error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:92:
ocspcert.pem: good
This Update: Nov 15 11:00:00 2017 GMT
Next Update: Nov 22 11:00:00 2017 GMT
“signer certificate not found”?
Which certificate is the OCSP responses signed with?