On 12/09/2017 15:56, Robert Moskowitz wrote:
On 09/12/2017 09:38 AM, Robert Moskowitz wrote:
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote:
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
I would actually really like to have a SIMPLE OCSP responder. But
so far have not found one.
On 09/12/2017 09:38 AM, Robert Moskowitz wrote:
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote:
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
I would actually really like to have a SIMPLE OCSP responder. But
so far have not found one. freeIPA has one buried within it, but
that is too
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote:
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
I would actually really like to have a SIMPLE OCSP responder. But
so far have not found one. freeIPA has one buried within it, but
that is too disruptive to install unless you buy into freeIPA.
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
>
> I would actually really like to have a SIMPLE OCSP responder. But
> so far have not found one. freeIPA has one buried within it, but
> that is too disruptive to install unless you buy into freeIPA.
>
Well the OpenSSL ocsp respoder isn't much
On 09/11/2017 12:23 PM, Salz, Rich via openssl-users wrote:
Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
least the server should have some control over the hash used?
Well, it is the client that is making the request, so therefore the client
Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
least the server should have some control over the hash used?
Well, it is the client that is making the request, so therefore the client
needs to hash the cert information.
A production-quality OCSP
On 09/08/2017 10:08 PM, Dr. Stephen Henson wrote:
On Fri, Sep 08, 2017, Robert Moskowitz wrote:
I am using the test responder:
openssl ocsp -port 2560 -text -rmd sha256\
-index index.txt \
-CA certs/ca-chain.cert.pem \
-rkey private/$ocspurl.key.pem \
On Fri, Sep 08, 2017, Robert Moskowitz wrote:
> I am using the test responder:
>
>openssl ocsp -port 2560 -text -rmd sha256\
> -index index.txt \
> -CA certs/ca-chain.cert.pem \
> -rkey private/$ocspurl.key.pem \
> -rsigner certs/$ocspurl.cert.pem \
>
I am using the test responder:
openssl ocsp -port 2560 -text -rmd sha256\
-index index.txt \
-CA certs/ca-chain.cert.pem \
-rkey private/$ocspurl.key.pem \
-rsigner certs/$ocspurl.cert.pem \
-nrequest 1
What is the SHA1 hash report about? It