[openssl-users] Why is this OCSP response reporting a hash using SHA1?
Robert Moskowitz
rgm at htt-consult.com
Fri Sep 8 16:20:59 UTC 2017
I am using the test responder:
openssl ocsp -port 2560 -text -rmd sha256 \
-index index.txt \
-CA certs/ca-chain.cert.pem \
-rkey private/$ocspurl.key.pem \
-rsigner certs/$ocspurl.cert.pem \
-nrequest 1
What is the SHA1 hash report about? It comes right after the line:
Certificate ID:
openssl ocsp -CAfile certs/ca-chain.cert.pem \
-url http://127.0.0.1:2560 -resp_text \
-issuer certs/8021ARintermediate.cert.pem \
-cert certs/$targetcert.cert.pem
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: O = HTT Consulting, OU = Devices
Produced At: Sep 8 16:11:38 2017 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
Serial Number: 762900CAB55A4762
Cert Status: revoked
Revocation Time: Sep 7 06:48:28 2017 GMT
This Update: Sep 8 16:11:38 2017 GMT
Response Extensions:
OCSP Nonce:
0410DBAEC40AE0C9696C715A8F476383D112
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:a7:3e:9f:40:29:21:bc:1b:af:22:41:f7:5d:
70:d8:3f:db:98:16:7c:62:b4:e9:cf:4c:1e:43:db:fa:07:42:
f7:02:21:00:f6:05:82:c8:85:ef:dc:17:ec:0f:59:ce:5e:fd:
36:8f:ac:5a:29:32:17:9d:22:c1:c2:77:e8:f7:7a:0c:ff:af
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
aa:56:78:7a:d5:f7:de:4f
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=MI, O=HTT Consulting, OU=Devices, CN=802.1AR CA
Validity
Not Before: Sep 7 06:40:11 2017 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: O=HTT Consulting, OU=Devices
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d8:a1:6c:09:c0:13:fc:30:6f:02:1e:a0:d3:cc:
02:8c:b0:e1:2a:84:1d:94:ed:2e:92:b8:25:d0:00:
3d:a0:1a:43:dc:83:12:13:e0:74:a4:97:b7:4e:ed:
26:18:c0:36:38:a1:f8:c0:bb:d8:5c:14:cd:a7:23:
f5:71:51:bc:6c
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
57:34:03:80:50:53:9B:EA:2A:06:37:FF:8A:1E:32:72:70:DD:41:9F
X509v3 Authority Key Identifier:
keyid:A3:27:8D:00:B0:53:BF:25:91:93:A4:83:3E:66:9C:45:1D:AD:36:E0
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
OCSP Signing
X509v3 Subject Alternative Name:
DNS:ocsp.htt-consult.com, email:postmaster at htt-consult.com
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:2b:99:ba:72:2a:e5:4c:1b:c1:9c:6a:72:f9:8e:
8f:5f:97:ec:35:e0:19:f3:7f:58:c4:4b:67:fe:dc:47:68:45:
02:20:37:07:0a:be:09:bd:20:b5:21:c5:23:80:4a:4d:57:47:
56:4a:79:cc:6d:e0:57:5e:ef:bc:9b:eb:6d:3a:db:73
Response verify OK
certs/Wt1234.cert.pem: revoked
This Update: Sep 8 16:11:38 2017 GMT
Revocation Time: Sep 7 06:48:28 2017 GMT
Thank you
Bob
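
Added example, not part of the original post: in the response text above, the `Hash Algorithm` under `Certificate ID` says how the issuer name and key were hashed to identify the certificate (the CertID of RFC 6960), while `Signature Algorithm` is a separate field naming the algorithm that signed the response. The sketch below parses both from lines copied out of the post and checks that the Issuer Key Hash equals the responder certificate's Authority Key Identifier, assuming that key identifier is the SHA-1 hash of the same CA public key; `summarize`, `_field` and `DIGEST_LEN` are hypothetical names.

```python
import re

# Constructed sample: lines copied from the -resp_text output in the post.
SAMPLE = """\
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
  Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
  Serial Number: 762900CAB55A4762
Cert Status: revoked
Signature Algorithm: ecdsa-with-SHA256
X509v3 Authority Key Identifier:
  keyid:A3:27:8D:00:B0:53:BF:25:91:93:A4:83:3E:66:9C:45:1D:AD:36:E0
"""

# Digest sizes in bytes for the CertID hash algorithms this sketch knows.
DIGEST_LEN = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


def _field(text, label):
    """Return the value of the first 'label: value' line, or None."""
    m = re.search(rf"^\s*{re.escape(label)}:\s*(\S.*?)\s*$", text, re.M)
    return m.group(1) if m else None


def summarize(text):
    """Separate the CertID hash from the signature algorithm and check both."""
    alg = (_field(text, "Hash Algorithm") or "").lower()
    key_hash = bytes.fromhex(_field(text, "Issuer Key Hash") or "")
    name_hash = bytes.fromhex(_field(text, "Issuer Name Hash") or "")
    m = re.search(r"keyid:([0-9A-Fa-f:]+)", text)
    aki = bytes.fromhex(m.group(1).replace(":", "")) if m else b""
    want = DIGEST_LEN.get(alg)
    return {
        "certid_hash": alg,
        "signature_alg": _field(text, "Signature Algorithm"),
        # Both hash lengths must match the declared CertID algorithm.
        "lengths_ok": want is not None and len(key_hash) == len(name_hash) == want,
        # Assumption: the AKI keyid is the SHA-1 of the CA key the CertID names.
        "key_hash_is_aki": bool(aki) and key_hash == aki,
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k}: {v}")
```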