000025693 - Nonce appearing in OCSP response when not in original request

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025693
Applies ToValidation Manager 3.1 (EOPS Jun 2013)
Microsoft Windows 2003 Server
Nonce
Identrust
Identrust Optimisation
IssueNonce appearing in OCSP response when not in original request
With Validation Manager 3.1 enabled for Identrus Optimisation the OCSP response contains the Freshness Proof Extension. In this extension the CA Certificate response contains a nonce.This will cause the client to fail.
CauseThe regular CA Certificate OCSP Request from Validation Manager (only occurs with Optimisation enabled) to the Identrust Root had a nonce inserted ( even though the status source is no set to include a nonce). Therefore the response will contains a nonce. This response then gets used in the Freshness Proof Extension.
ResolutionPlease contact RSA Customer Support and ask for fix id98352 ( a new ocsp.dll). This fix will stop the CA Certificate Request from inserting a nonce.
Legacy Article IDa38130

Attachments

    Outcomes