OCSP response error signer certificate not found

pal05 · November 18, 2015, 9:53am

Hi,

i use openssl to verify the OCSP response, i think i get a positive (good) repsone however i receive follow error during the response:

140131535607456:error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:85:

Any idea what causes this error or how to get rid of it? OCSP on my nginx setup isn't working, i think it may relate to above error.

the full response:

openssl ocsp -issuer chain.pem -cert cert.pem -text -url http://ocsp.int-x1.letsencrypt.org -header "HOST" "ocsp.int-x1.letsencrypt.org" -no_nonce

OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: BC5772E2797C56E39994598D75A4A3D24C4C85C5
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 01CC634C0E3DB54D158DD9F342DDC32F9A82

OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X1
Produced At: Nov 17 09:39:00 2015 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: BC5772E2797C56E39994598D75A4A3D24C4C85C5
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 01CC634C0E3DB54D158DD9F342DDC32F9A82
Cert Status: good
This Update: Nov 17 09:00:00 2015 GMT
Next Update: Nov 24 09:00:00 2015 GMT

Signature Algorithm: sha256WithRSAEncryption
     61:d4:db:b4:7f:c1:e1:2b:cd:e3:4a:11:f3:ae:b5:ac:c1:ad:
     fd:1a:fc:93:1a:f7:86:99:3f:60:50:34:dc:ab:b3:54:c0:1a:
     e9:c1:8b:be:3b:0d:5a:9b:d9:d5:48:74:b5:49:1b:d7:52:14:
     0d:67:17:5f:92:44:3b:6b:3c:9e:a4:04:e1:21:a0:7d:7b:23:
     95:75:b9:a2:b9:1b:0b:65:d5:8d:81:de:a9:30:d6:52:c6:3e:
     ae:06:8b:fe:57:a9:fb:04:71:52:89:f9:ca:17:97:bf:1d:dc:
     88:60:0f:97:05:50:00:3a:76:f0:3d:f4:b2:c9:ae:04:85:a5:
     1c:68:fb:55:19:b7:07:d0:83:be:5b:3e:c2:f8:c8:b1:69:70:
     29:59:78:fc:80:b1:74:29:3d:be:c7:c2:35:04:04:90:b9:92:
     6b:0f:b5:9f:96:2b:55:a5:1a:81:79:8a:4c:bd:fa:0b:94:73:
     39:49:13:8f:de:00:c4:99:b5:8f:0f:f5:8a:1e:f1:99:8e:73:
     d4:77:89:88:b9:0f:de:b5:13:3e:17:0d:b1:89:e9:3f:cd:74:
     c0:b8:8d:06:b7:c3:2d:e0:71:20:3a:f3:82:9d:fc:bf:94:e3:
     bb:99:19:b9:33:2e:ee:16:df:53:fd:7e:61:e7:85:2d:cb:45:
     cc:31:d4:cf

Response Verify Failure
140131535607456:error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:85:
cert.pem: good
This Update: Nov 17 09:00:00 2015 GMT
Next Update: Nov 24 09:00:00 2015 GMT

Topic		Replies	Views
Is OCSP responder broken? Issuance Tech	3	7299	April 1, 2018
Unable to verify OCSP response Server	5	20758	December 17, 2015
Strange OCSP Errors	5	6743	December 5, 2015
Host not found in OCSP responder [nginx] Help	3	6050	June 6, 2019
OCSP requests via openssl not working Help	3	4804	August 9, 2017

OCSP response error signer certificate not found

Related topics