// check if there's a responder certificate
X509CertificateHolder[] certHolders = ocspResp.getCerts();
if (certHolders.length > 0) {
responderCert = new JcaX509CertificateConverter().setProvider( "BC" ).getCertificate(certHolders[0]);
try {
responderCert.verify(issuerCert.getPublicKey());
}
catch(GeneralSecurityException e) {
if (super.verify(responderCert, issuerCert, null).size() == 0)
throw new VerificationException(responderCert, "Responder certificate couldn't be verified");
}