Strange OCSP response by the Online Responder
Hi,
When I run certutil -verify -urlfetch on 2 different certificates issued by the same issuing CA, the responses are quite different, which raised a concern that the Online Responder is not working as it should. Here are the 2 outputs.
Output nr 1.
crl (null):
issuer: cn=server fqdn
thisupdate: 2015-04-14 21:05
nextupdate: 2015-04-22 09:25
39c5508bc895eef3e97d8b611d1fa1fc17d3db19
issuance[0] = 1.2.752.113.10.1.1.1.1 vgc-pki cps
application[0] = 1.3.6.1.5.5.7.3.2 client authentication
application[1] = 1.3.6.1.5.5.7.3.1 server authentication
Output nr 2.
crl 323e:
issuer: cn=ca logical name
thisupdate: 2015-04-14 22:05
nextupdate: 2015-04-22 10:25
222195864225835a025a52015d5dca5fc2c71f30
issuance[0] = 1.2.752.113.10.1.1.1.1 vgc-pki cps
application[0] = 1.3.6.1.4.1.311.54.1.2 remote desktop authentication
Why is the first output missing the CRL number, and why does it produce a response with the server FQDN and not the CA logical name?
By the way, I am running 2012 R2 on the Online Responder.
Please help me understand.
Kind regards
Mikael
Hi Mark
Thanks for the help. Here is the response Mark gave.
Mikael's question:
Hi Mark,
Please go through them and see if there is a clue in them to the issue. To be honest, I don't know if it is a problem with the Online Responder or not.
When I produced the 2 outputs, I started by first running certutil -verify -urlfetch against certificate vgwb0195, then moved on to certificate vgts0034.
As you can see in the output, the first certificate vgwb0195 has no CRL version number, and the issuer is the FQDN of the OCSP responder. The second certificate vgts0034 has a CRL version number and the CA name in the issuer field.
When I later run certutil -urlcache * delete to clear the cache and do it in the opposite order, vgwb0195 is the one that has a CRL version number and the CA name as issuer.
Can you explain? Is it a bug?
Mark's answer:
This is normal; you are seeing the effects of the local caching mechanism. Also, delete urlcache is ineffective, and was replaced many years ago by the syntax: