I've been testing ca setup (simple root + intermediary with dedicated ocsp keys) with ocsp certifcate used for signing being based on prime256v1 key. In such scenario, the response still claims it's signed using sha1withrsaencryption.
When comparing with openssl ocsp (server) behaviour, openssl returns correct data (and that's the only difference pretty much) - if you run diff over both responses:
--- good 2018-05-15 13:52:41.837180575 +0200
+++ bad 2018-05-15 13:52:41.837180575 +0200
@@ -22,11 +22,11 @@
This Update: May 15 11:52:41 2018 GMT
Next Update: May 15 11:57:41 2018 GMT
- Signature Algorithm: ecdsa-with-SHA256
- 30:45:02:21:00:87:ee:8f:fc:26:6c:ea:11:47:0b:83:8f:00:
- 3f:58:8a:d0:a3:9e:70:7e:f3:5d:dc:6c:93:44:aa:71:d1:fa:
- 0a:02:20:64:d2:01:08:19:81:c4:d4:90:d5:c5:bb:d9:a8:15:
- d6:f4:7a:d0:c1:ab:83:bf:31:37:9c:82:26:35:55:c2:5e
+ Signature Algorithm: sha1WithRSAEncryption
+ 30:44:02:20:15:fe:1e:90:b4:88:74:e4:2e:2a:73:3f:e9:66:
+ f4:d4:4f:bf:17:c6:8c:41:0a:2e:97:c4:76:9e:e1:eb:e0:b0:
+ 02:20:42:19:7e:78:c6:98:34:1e:37:9e:11:23:69:18:1b:fd:
+ 7a:39:f1:80:10:19:e9:67:5d:2a:a2:37:b9:cd:e7:4d
Certificate:
Data:
Version: 3 (0x2)
I've been testing ca setup (simple root + intermediary with dedicated ocsp keys) with ocsp certifcate used for signing being based on prime256v1 key. In such scenario, the response still claims it's signed using sha1withrsaencryption.
When comparing with openssl ocsp (server) behaviour, openssl returns correct data (and that's the only difference pretty much) - if you run diff over both responses:
openssl ocsp client complains about it this way:
If I change ocsp key to rsa, everything works fine.