EldoS | Feel safer!

Software components for data protection, secure storage and transfer

OCSP always unknown

Posted: 06/01/2012 16:21:50
by Greg Werner (Standard support level)
Joined: 04/25/2008
Posts: 13

Hi, I'm doing a certificate validation through OCSP, but the answer is always 2 (Unknown). I'm sure that the OCSP is fine, and the OCSP certificate too, because I have another application from another provider, and the answer is correct.
Any comments will be appreciated.
Posted: 06/01/2012 16:41:43
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Could you please let us know the exact component(s) you are using? Having a snippet of your code performing the validation would be of great help.
Posted: 06/04/2012 11:36:11
by Greg Werner (Standard support level)
Joined: 04/25/2008
Posts: 13

Thanks, I put the sample code in C#:
public ECertificateStatus ValidateOCSP(CertificateAuthority certificateAuthority, string urlOCSP)
{
    // Storage holding the certificate whose status is being checked
    TElMemoryCertStorage CertStorage = new TElMemoryCertStorage();
    CertStorage.Add(_Certificate, false);

    // Storage holding the issuer (CA) certificate
    TElMemoryCertStorage IssuerCertStorage = new TElMemoryCertStorage();
    IssuerCertStorage.Add(certificateAuthority._Certificate, false);

    TElHTTPOCSPClient OCSPClient = new TElHTTPOCSPClient();
    OCSPClient.CertStorage = CertStorage;
    OCSPClient.IssuerCertStorage = IssuerCertStorage;
    OCSPClient.HTTPClient = new TElHTTPSClient(new SBUtils.TSBComponentBase());

    // Use the explicit URL if one was passed, otherwise the CA's configured OCSP URL
    OCSPClient.URL = urlOCSP != null ? urlOCSP : certificateAuthority._UrlOcsp;
    if (OCSPClient.URL == null)
    { _Status = ECertificateStatus.UrlNotExist; return Status; }

    try
    {
        byte[] ServerRequest = new byte[0];
        short ServerReply = new short();
        OCSPClient.PerformRequest(ref ServerReply, ref ServerRequest);
        OCSPClient.ProcessReply(ServerRequest, ref ServerReply);

        // Map the status of the first certificate in CertStorage to the application's enum
        _Status = ResponseOCSP(OCSPClient.get_CertStatus(0));
    }
    catch (Exception)
    {
        // Any exception is reported as a connection error
        _Status = ECertificateStatus.ConnectionError;
    }

    return Status;
}

Where:

_Certificate (TElX509Certificate)

certificateAuthority._Certificate (TElX509Certificate)
Posted: 06/04/2012 13:04:51
by Vsevolod Ievgiienko (EldoS Corp.)

We have a sample that is located in \EldoS\SecureBlackbox.NET\Samples\C#\PKIBlackbox\OCSPClient folder. Please check if it works for you.
Posted: 06/04/2012 16:07:04
by Greg Werner (Standard support level)
Joined: 04/25/2008
Posts: 13

I already checked it, but as I put it here, with other-party code the OCSP answers revoked, but when I use EldoS it is always answering unknown.
Posted: 06/05/2012 00:34:31
by Eugene Mayevski (EldoS Corp.)

It's not a question of whether the OCSP works with something else, but a question of whether the sample works or produces the same Unknown result. If the sample doesn't work as well, please post your certificate and its CA certificate to HelpDesk so that we could investigate the problem. If the sample works, please check the difference between the sample and your code.

Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.