I am using OpenSSL version
OpenSSL 1.0.1e 11 Feb 2013
and the ocsp works fine.
openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt
-rkey ocspsign.key -CA ./demoCA/cacert.pem -text
and I issue a request and get a response nicely. But then I am using
char *url=
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Patrick Patterson
Sent: Thursday, July 18, 2013 9:35 AM
To: openssl-users@openssl.org
Subject: Re: OSCP server does not update status
Hi there,
One thing that, I think, the OCSP man page
.
Cheers,
Patrick.
Thanks,
Steve
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Patrick Patterson
Sent: Thursday, July 18, 2013 9:35 AM
To: openssl-users@openssl.org
Subject: Re: OSCP server does not update
Hi there,
One thing that, I think, the OCSP man page makes very clear is that the OCSP
server implementation is to be used for testing only, and not to be used for
any sort of real-life scenario. To get real-time updating based on changes in
the index.txt file from the CA, you'd have to write
Far enough thats good to know. Will use for testing only the OCSP request
construction
and return information parsing.
--
View this message in context:
http://openssl.6102.n7.nabble.com/OSCP-server-does-not-update-status-tp45877p45880.html
Sent from the OpenSSL - User mailing list archive at
Is there a standard to revoke a cert with a request to an OCSP. I know to
check status for an OCSP request works nicely using the OpenSSL API and is
standard RFC6960. I would think not for security issues.
Or is it simply a particular to what OSCP server product you decided to use
and allow
Is there a standard to revoke a cert with a request to an OCSP.
Nothing part of OCSP. There are various other standards around (e.g., XKMS
from W3C, KMIP from OASIS) but they're nowhere near as widely used.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA