Hi,

when I was looking for an OCSP responder in January I also found
OpenCA.org and I also think it is dead.

If you want to use it, read the mailing list. Someone posted important
patches (against memory leaks and other things).

Another thing is that I am not sure if an OCSP responder which only
uses a CRL data source is good. You don't only want to know if a
certificate is revoked, you also want to know if it was issued, if the
CA knows anything about it.

Enterprise CAs like EJBCA use a database to track certificates.

Because running JBoss was too much for my project, I found r509
(http://r509.org). It is Ruby-based and uses Ruby's OpenSSL libs.

r509-ocsp-responder can be combined with nginx, which is really powerful.

Well, it doesn't support reading from a CRL as a data source :)
You could

1) Add it, if you know Ruby

2) Or you could parse your CRL with r509 and create a database from it

But again I think it would be better to use a full database, as stated before.


-- 
Regards,
Igor
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
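
The CRL-versus-database point from the message above, as an added example that is not part of the original post and is not r509's code: it uses Ruby's OpenSSL library directly to show how a CRL-only lookup and a database seeded from a parsed CRL answer differently for a serial the CA never issued. The CA key, CRL, serial numbers and function names are all constructed for the illustration.

```ruby
require 'openssl'

# Constructed sample: a CRL signed by a throwaway test CA key.
def build_sample_crl(ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1 # X.509 CRL v2
  crl.issuer = OpenSSL::X509::Name.parse('/CN=Constructed Test CA')
  crl.last_update = Time.now
  crl.next_update = Time.now + 3600
  revoked_serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = Time.now
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  crl
end

# CRL-only source: every serial missing from the CRL is reported as good,
# whether or not the CA ever issued it.
def crl_only_status(crl, serial)
  crl.revoked.any? { |r| r.serial.to_i == serial } ? :revoked : :good
end

# Database source: the CA's issuance records define what exists;
# the parsed CRL only supplies the revoked flag.
def build_status_db(issued_serials, crl)
  db = issued_serials.to_h { |s| [s, :good] }
  crl.revoked.each { |r| db[r.serial.to_i] = :revoked }
  db
end

def db_status(db, serial)
  db.fetch(serial, :unknown)
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  crl = OpenSSL::X509::CRL.new(build_sample_crl(ca_key, [1002]).to_pem)
  raise 'CRL signature check failed' unless crl.verify(ca_key)
  db = build_status_db([1001, 1002, 1003], crl) # constructed issuance list
  # 9999 was never issued
  [1001, 1002, 9999].map { |s| [s, crl_only_status(crl, s), db_status(db, s)] }
end

demo.each { |serial, crl_only, db| puts "#{serial}: crl_only=#{crl_only} db=#{db}" }
```

Serial 9999 is the case the message is concerned with: the CRL-only lookup reports it as good, while the database lookup reports it as unknown.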
