I am using the test responder:

openssl ocsp -port 2560 -text -rmd sha256 \
      -index index.txt \
      -CA certs/ca-chain.cert.pem \
      -rkey private/$ocspurl.key.pem \
      -rsigner certs/$ocspurl.cert.pem \
      -nrequest 1

What is the SHA1 hash report about? It comes right after the line: Certificate ID:

openssl ocsp -CAfile certs/ca-chain.cert.pem \
      -url http://127.0.0.1:2560 -resp_text \
      -issuer certs/8021ARintermediate.cert.pem \
      -cert certs/$targetcert.cert.pem

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: O = HTT Consulting, OU = Devices
    Produced At: Sep 8 16:11:38 2017 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
      Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
      Serial Number: 762900CAB55A4762
    Cert Status: revoked
    Revocation Time: Sep 7 06:48:28 2017 GMT
    This Update: Sep 8 16:11:38 2017 GMT

    Response Extensions:
        OCSP Nonce:
            0410DBAEC40AE0C9696C715A8F476383D112
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:a7:3e:9f:40:29:21:bc:1b:af:22:41:f7:5d:
         70:d8:3f:db:98:16:7c:62:b4:e9:cf:4c:1e:43:db:fa:07:42:
         f7:02:21:00:f6:05:82:c8:85:ef:dc:17:ec:0f:59:ce:5e:fd:
         36:8f:ac:5a:29:32:17:9d:22:c1:c2:77:e8:f7:7a:0c:ff:af
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            aa:56:78:7a:d5:f7:de:4f
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, ST=MI, O=HTT Consulting, OU=Devices, CN=802.1AR CA
        Validity
            Not Before: Sep 7 06:40:11 2017 GMT
            Not After : Dec 31 23:59:59 9999 GMT
        Subject: O=HTT Consulting, OU=Devices
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:d8:a1:6c:09:c0:13:fc:30:6f:02:1e:a0:d3:cc:
                    02:8c:b0:e1:2a:84:1d:94:ed:2e:92:b8:25:d0:00:
                    3d:a0:1a:43:dc:83:12:13:e0:74:a4:97:b7:4e:ed:
                    26:18:c0:36:38:a1:f8:c0:bb:d8:5c:14:cd:a7:23:
                    f5:71:51:bc:6c
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                57:34:03:80:50:53:9B:EA:2A:06:37:FF:8A:1E:32:72:70:DD:41:9F
            X509v3 Authority Key Identifier:
                keyid:A3:27:8D:00:B0:53:BF:25:91:93:A4:83:3E:66:9C:45:1D:AD:36:E0
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
            X509v3 Subject Alternative Name:
                DNS:ocsp.htt-consult.com, email:postmas...@htt-consult.com
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:2b:99:ba:72:2a:e5:4c:1b:c1:9c:6a:72:f9:8e:
         8f:5f:97:ec:35:e0:19:f3:7f:58:c4:4b:67:fe:dc:47:68:45:
         02:20:37:07:0a:be:09:bd:20:b5:21:c5:23:80:4a:4d:57:47:
         56:4a:79:cc:6d:e0:57:5e:ef:bc:9b:eb:6d:3a:db:73
Response verify OK
certs/Wt1234.cert.pem: revoked
        This Update: Sep 8 16:11:38 2017 GMT
        Revocation Time: Sep 7 06:48:28 2017 GMT

Thank you

Bob
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
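
The "Certificate ID" block in the output above is the RFC 6960 CertID: the hash algorithm named there is the one used for the Issuer Name Hash and Issuer Key Hash, which together with the serial number identify the certificate being queried. The Python below is an added example, not part of the original message or of OpenSSL; it parses that text output and checks that the responder certificate's Authority Key Identifier matches the CertID's Issuer Key Hash. It assumes the CA's key identifier is the SHA-1 of its public key (RFC 5280 method 1); the function names and the trimmed sample are constructed here.

```python
import re

# Constructed sample: the CertID block and responder-certificate extensions
# from the output quoted above, trimmed to the fields this check reads.
SAMPLE = """\
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
      Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
      Serial Number: 762900CAB55A4762
    Cert Status: revoked
            X509v3 Authority Key Identifier:
                keyid:A3:27:8D:00:B0:53:BF:25:91:93:A4:83:3E:66:9C:45:1D:AD:36:E0
            X509v3 Extended Key Usage: critical
                OCSP Signing
"""

CERT_ID_KEYS = ("Hash Algorithm", "Issuer Name Hash", "Issuer Key Hash",
                "Serial Number", "Cert Status")
AKI_RE = re.compile(r"Authority Key Identifier:\s*(?:keyid:)?"
                    r"((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})")

def parse_cert_id(text):
    """Return the CertID fields and status of the first response entry."""
    fields = {}
    for key in CERT_ID_KEYS:
        m = re.search(rf"^\s*{key}:\s*(\S+)", text, re.M)
        if m is None:
            raise ValueError(f"missing field: {key}")
        fields[key] = m.group(1)
    return fields

def responder_aki(text):
    """Return the responder certificate's AKI key id as bare upper-case hex."""
    m = AKI_RE.search(text)
    return m.group(1).replace(":", "").upper() if m else None

def responder_matches_issuer(text):
    """Consistency check: responder cert carries the OCSP Signing EKU and was
    issued under the key named in the CertID.

    Assumption: the CA key identifier is SHA-1 of its public key, so it is
    only comparable to Issuer Key Hash when the CertID hash is sha1.
    """
    cid = parse_cert_id(text)
    has_eku = re.search(r"Extended Key Usage:.*\n\s*OCSP Signing", text) is not None
    return (has_eku and cid["Hash Algorithm"].lower() == "sha1"
            and responder_aki(text) == cid["Issuer Key Hash"].upper())
```

This is a reading aid for the text output, not a substitute for the signature check that produces "Response verify OK".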