EV Checker: BRs no longer require OCSP URI in the AIA of intermediate certificates #429
Comments
|
For testing purposes, see the Test URLs for the 2021 root certs in Update: The certificate chains for the test websites in Bugzilla #1717711 were updated so that the intermediate certificates also have the OCSP URI in the AIA, so they can no longer be used for testing resolution for this issue. |
WilsonKathleen
changed the title
WilsonKathleen
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please update the EV Checker to allow for the intermediate certificates in the chain to not contain an OCSP responder URL in the authorityInformationAccess field. The CA/Browser Forum Baseline Requirements changed this from a MUST to a SHOULD.
Instead of checking for OCSP at the intermediate certificate level, please have the EV Checker verify that the cRLDistributionPoints field in the intermediate certificates do contain an HTTP URL, as required by the BRs.
The text was updated successfully, but these errors were encountered: