EldoS | Feel safer!

Software components for data protection, secure storage and transfer

OCSP always unknown

Posted: 06/01/2012 16:21:50
by Greg Werner (Standard support level)
Joined: 04/25/2008
Posts: 13

Hi, im doing a certificate validation through OCSP, but the answer is always 2 (Unknown), im sure that the ocsp is fine and the ocsp certificate because i have another application from another provider, and the answer is correct.
Any commentaries will be appreciated.
Posted: 06/01/2012 16:41:43
by Ken Ivanov (Team)

Thank you for contacting us.

Could you please let us know the exact component(s) you are using? Having a snippet of your code performing the validation would be of great help.
Posted: 06/04/2012 11:36:11
by Greg Werner (Standard support level)
Joined: 04/25/2008
Posts: 13

Thanks, i put the sample code in C#:
public ECertificateStatus ValidateOCSP(CertificateAuthority certificateAuthority, string urlOCSP)


            TElMemoryCertStorage CertStorage = new TElMemoryCertStorage();

            CertStorage.Add(_Certificate, false);

            TElMemoryCertStorage IssuerCertStorage = new TElMemoryCertStorage();

            IssuerCertStorage.Add(certificateAuthority._Certificate, false);

            TElHTTPOCSPClient OCSPClient = new TElHTTPOCSPClient();

            OCSPClient.CertStorage = CertStorage;

            OCSPClient.IssuerCertStorage = IssuerCertStorage;

            OCSPClient.HTTPClient = new TElHTTPSClient(new SBUtils.TSBComponentBase());

            OCSPClient.URL = urlOCSP != null ? urlOCSP : certificateAuthority._UrlOcsp;

            if (OCSPClient.URL == null)

            { _Status = ECertificateStatus.UrlNotExist; return Status; }




                byte[] ServerRequest = new byte[0];

                short ServerReply = new short();

                OCSPClient.PerformRequest(ref ServerReply, ref ServerRequest);

                OCSPClient.ProcessReply(ServerRequest, ref ServerReply);

                _Status = ResponseOCSP(OCSPClient.get_CertStatus(0));


            catch (Exception)


                _Status = ECertificateStatus.ConnectionError;



            return Status;


Where :

_Certificate (TElX509Certificate)

certificateAuthority._Certificate (TElX509Certificate)
Posted: 06/04/2012 13:04:51
by Vsevolod Ievgiienko (Team)

We have a sample that is located in \EldoS\SecureBlackbox.NET\Samples\C#\PKIBlackbox\OCSPClient folder. Please check if it works for you.
Posted: 06/04/2012 16:07:04
by Greg Werner (Standard support level)
Joined: 04/25/2008
Posts: 13

I already check it but as i put it here, with other party code the ocsp answers revoked, but when i use Eldos always is answering unknown
Posted: 06/05/2012 00:34:31
by Eugene Mayevski (Team)

It's not a question of whether the OCSP works with something else, but a question of whether the sample works or produces the same Unknown result. If the sample doesn't work as well, please post your certificate and its CA certificate to HelpDesk so that we could investigate the problem. If the sample works, please check the difference between the sample and your code.

Sincerely yours
Eugene Mayevski



Topic viewed 1079 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!