[openssl-users] Testing OCSP with openssl
Robert Moskowitz
rgm at htt-consult.com
Tue Sep 5 16:06:03 UTC 2017
On 09/05/2017 11:59 AM, Dr. Stephen Henson wrote:
> On Tue, Sep 05, 2017, Robert Moskowitz wrote:
>
>> Jamie Nugyen's guide uses openssl to test OCSP with 'openssl ocsp':
>>
>> https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
>>
>> What is unclear here is:
>>
>> Does openssl read the index.txt file once at startup, or does it
>> read it with each query. From the way I read his guide it reads
>> like index.txt is only read at startup.
>>
> Once on startup. The mini-responder is only a test utility.
> It is not usable as a full blown responder.
Oh, I got the test utility limitation. Just for my guide, after
revoking the certificate which results in index.txt being updated, does
the test 'openssl ocsp' service need to be restarted to reread the
index.txt file?
So from your response, just the once at startup, and I will have to
specify (as Jamie does in his guide) to restart the test responder.
I am searching for a 'simple' OCSP responder for myself...
Thanks
Bob
More information about the openssl-users
mailing list