Hi Sandeep,
Thanks for the info, i am trying the same.
Inorder to test my application i am also setting up the ocsp server.
man page suggests:
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem
-CA demoCA/cacert.pem
-text -out log.txt
I am not able to understand what exactly is index.txt file and what
should be its content.?
Also as i understand the CA certificate should match with the one we
use with -cafile option while making the client request
but what exactly is the rsigner cert and does it have to match with
any of the certificate in the client request?
Thanks
Regards,
Ashish
On Thu, Jun 11, 2009 at 8:49 AM, sandeep kiran p <[email protected]>wrote:
> Hi Ashish,
> Check the man page of oscp. It says -issuer specifies the current issuer
> certificate and this option can be used multiple times. And -cert option
> specifies a request for which the issuer certificate is taken from previous
> issuer option. So in order to verify your chain, I think the command should
> be something as
>
> openssl ocsp -issuer issuer.pem -cert c1.pem -issuer ca.pem -cert issuer.pem
> -url http://ocsp.myhost.com/ -cafile ca.pem -resp_text -respout resp.der
>
> I hope this works.
>
> Thanks,
> Sandeep
>
>
> On Wed, Jun 10, 2009 at 4:19 AM, Ashish Agrawal <[email protected]>wrote:
>
>> Hi,
>>
>> I ve a query on the OCSP request command:
>>
>> openssl ocsp -issuer issuer.pem -cert c1.pem
>> -url http://ocsp.myhost.com/ -cafile ca.pem -resp_text -respout resp.der
>>
>>
>> I have a scenario where i have a three certificate chain.
>>
>> Root Cert - > Intermediate Cert -- >End Cert
>>
>> so here i am interpreting the fileds as
>>
>> issuer :Intermediate Cert
>> cert : end cert
>>
>>
>> cafile: root cert
>>
>> i want to know is my understanding correct ?
>>
>> Regards,
>> Ashish
>>
>>
>>
>>
>>
>
