diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 0dee2fb67..9a7c93497 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2183,6 +2183,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
 CYASSL_MSG("About to verify certificate signature");
 if (ca) {
+#ifdef HAVE_OCSP
+ /* Need the ca's public key hash for OCSP */
+ {
+ Sha sha;
+ InitSha(&sha);
+ ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
+ ShaFinal(&sha, cert->issuerKeyHash);
+ }
+#endif /* HAVE_OCSP */
 /* try to confirm/verify signature */
 if (!ConfirmSignature(cert, ca->publicKey, ca->pubKeySize, ca->keyOID)) {
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index ef0f5c56b..ed76251f2 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -207,6 +207,9 @@ struct DecodedCert {
 word32 keyOID; /* sum of key algo object id */
 byte subjectHash[SHA_SIZE]; /* hash of all Names */
 byte issuerHash[SHA_SIZE]; /* hash of all Names */
+#ifdef HAVE_OCSP
+ byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */
+#endif /* HAVE_OCSP */
 byte* signature; /* not owned, points into raw cert */
 char* subjectCN; /* CommonName */
 int subjectCNLen;
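Review bot: In the asn.c hunk, `cert->issuerKeyHash` is filled only inside `if (ca)`, so when no signer is found the field keeps whatever it held before, and nothing visible here clears it. An OCSP request built from such a cert would carry an arbitrary issuer key hash; consider zeroing it where the DecodedCert is initialised, e.g. `XMEMSET(cert->issuerKeyHash, 0, SHA_SIZE);`, and documenting that it is valid only after a successful verify. The hash is also written before `ConfirmSignature` runs, so it is set even for a cert whose signature check then fails; moving the block below that check would avoid this. A comment should state that `ca->publicKey` is expected to hold the subjectPublicKey BIT STRING contents that the OCSP CertID is defined over, since that cannot be confirmed from the hunk. ParseCertRelative starts and ends outside the hunk.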
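Review bot: In the asn.h hunk, the new member sits in the middle of `struct DecodedCert` under `#ifdef HAVE_OCSP`, so the offsets of `signature`, `subjectCN` and every later member depend on whether the including translation unit defines HAVE_OCSP. If an application includes asn.h with a different setting than the library was built with, the two sides disagree on the layout and will read or write the wrong fields. Making the member unconditional avoids this; moving it to the end of the struct would only limit it to a size mismatch. The comment could also say whose key is hashed: `/* SHA-1 hash of the issuer's public key, for OCSP */`. The struct continues outside the hunk.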