|Applies To||Validation Manager 3.1 (EOPS Jun 2013)|
Microsoft Windows 2003 Server
|Issue||Nonce appearing in OCSP response when not in original request|
With Validation Manager 3.1 enabled for Identrus Optimisation the OCSP response contains the Freshness Proof Extension. In this extension the CA Certificate response contains a nonce.This will cause the client to fail.
|Cause||The regular CA Certificate OCSP Request from Validation Manager (only occurs with Optimisation enabled) to the Identrust Root had a nonce inserted ( even though the status source is no set to include a nonce). Therefore the response will contains a nonce. This response then gets used in the Freshness Proof Extension.|
|Resolution||Please contact RSA Customer Support and ask for fix id98352 ( a new ocsp.dll). This fix will stop the CA Certificate Request from inserting a nonce.|
|Legacy Article ID||a38130|