,issuer:always
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
--
View this message in context:
http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45866.html
Sent from the OpenSSL - User mailing list archive
On Thu, Jul 18, 2013, redpath wrote:
*To recap I cleaned all the directories to assure nothing is wrong in them.*
*I still get an unknown response.*
These commands were run from a directory and produced the following output
to set up the OpenSSL OCSP Server
*The output of the server is*
On Thu, Jul 18, 2013, redpath wrote:
I then run this command
*openssl ocsp -issuer ./demoCA/cacert.pem -serial 0x1000 -text *
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash:
__
OpenSSL Project http://www.openssl.org
User
there are no mistakes here.*
From: owner-openssl-us...@openssl.org On Behalf Of redpath
Sent: Thursday, 18 July, 2013 11:03
*I found the issue and fixed it but that leads to a question
of security*
The error is here. The x509 that I want to check I also provide as the
issuer
since it was issued by the same issuer.
solution below for anyone to see how to
programmatically create an OCSP request.
./OCSPrequest -help
Usage:
./OCSPrequest cert issuer root
eg:
./OCSPrequest 1000.pem ./demoCA/cacert.pem
OCSPrequest.c
/**
* cc -o OCSPrequest -Wno-deprecated-declarations
-Wno
? The cert is in demoCA/newcerts/1000.pem
The index.txt file looks okay to me.*
V 140717130131Z 1000 unknown /C=AU/ST=Some-State/O=Redpath Corporation
*So what is the issue?*
On Wed, Jul 17, 2013, redpath wrote:
Got the OCSP Server to respond to the test OCSP request program nicely.
*Of course one more question.*
I simply had to set up the infrastructure for the OCSP server excerpted
below.
to create the signing key and directories.
mkdir demoCA
mkdir
To make this more clear, I simply have an X509 and want to programmatically
create an OCSP request to check status for the cert.
There are no examples other than openssl commands, I have a program on a
device and
need to programmatically check x509 periodically.
Thanks in advance.
There are no examples other than openssl commands, I have a program on a
device and need to programmatically check x509 periodically.
That is generally true of most openssl-based applications
You'll have to start by reading and learning apps/ocsp.c
/r$
--
Principal Security
On Tue, Jul 16, 2013, redpath wrote:
To make this more clear, I simply have an X509 and want to programmatically
create an OCSP request to check status for the cert.
You also need the CA certificate as the hash of the CA public key is
needed.
There are no examples other than openssl
I was able to piece together a test application (enclosed below) which loads
an x509 file and performs
an OCSP request programmatically. I created a server to dump what is written
at the port.
The result is shown below.
POST
[ /][Content-Type:application/ocsp-request]
[Content-Length:113
From: owner-openssl-us...@openssl.org On Behalf Of redpath
Sent: Tuesday, 16 July, 2013 11:13
I was able to piece together a test application (enclosed
below) which loads an x509 file and performs
an OCSP request programmatically. I created a server to dump
what is written at the port
I see that OPENSSL provides a command for an OCSP and need to create an OCSP
request as a POST or GET.
What source code file creates this request and makes a connection.
Basically an OCSP REQUEST contains the following fields
documented in RFC6960
- protocol version (I assume this is 0