Other blogs say the ocsp section should be in the server_sig_request.conf files that generate the signature requests. My server_sig_request.conf files do not have any ocsp stuff in them. Should they include "OCSPSigning" or some other mention of ocsp?
If I insert ocsp sections into the ca or server_sig_request conf files, how does that effect the command line for creating the self-signed CA cert, and/or the command for the CA to sign the request? Specifically I wonder about using the -extensions option, and using the -CAFile option when I try a test connection to the ocsp server.
Finally, I'm uncertain about how the ocsp server uses relative v.s. absolute paths. Does the current directory matter when starting the ocsp server? Does it matter when attempting to test via the URI?
I will post copies of the ca.conf and server_sig_request.conf, if requested.