[openssl-users] Why is this OCSP response reporting a hash using SHA1?
Robert Moskowitz
rgm at htt-consult.com
Mon Sep 11 16:16:27 UTC 2017
On 09/08/2017 10:08 PM, Dr. Stephen Henson wrote:
> On Fri, Sep 08, 2017, Robert Moskowitz wrote:
>
>> I am using the test responder:
>>
>> openssl ocsp -port 2560 -text -rmd sha256 \
>> -index index.txt \
>> -CA certs/ca-chain.cert.pem \
>> -rkey private/$ocspurl.key.pem \
>> -rsigner certs/$ocspurl.cert.pem \
>> -nrequest 1
>>
>>
>> What is the SHA1 hash report about? It comes right after the line:
>> Certificate ID:
>>
>> Certificate ID:
>> Hash Algorithm: sha1
>> Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
>> Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
>> Serial Number: 762900CAB55A4762
> It's the hash algorithm used to hash the issuer name and key to identify them.
And how do you get it to use sha256?
I would think that the -rmd sha256 in the responder command would do that?
What does it do anyway? It is listed in the -help:
    -rmd val    Digest Algorithm to use in signature of OCSP response
but not in the man page.
Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
least the server should have some control over the hash used?
thanks
Bob
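
Added example, not part of the original message or of OpenSSL: a stdlib-only model of the RFC 6960 CertID showing that the client picks the digest when it builds the request, and the responder has to rehash its CA name and key with whatever algorithm the request names. The function names and the issuer name/key bytes are constructed for illustration; only the serial number comes from the thread.

```python
import hashlib
# DER-encoded OIDs for the two digests discussed in the thread.
OIDS = {"sha1": bytes.fromhex("06052b0e03021a"),
        "sha256": bytes.fromhex("0609608648016503040201")}

def tlv(tag, body):  # DER tag-length-value, short or long form length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (n & 0x7F)
        n, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + n], pos + n

def build_cert_id(digest, issuer_name_der, issuer_key_bits, serial):
    """Client side: CertID hashed with the digest the client picked."""
    alg = tlv(0x30, OIDS[digest] + b"\x05\x00")  # AlgorithmIdentifier, NULL params
    name_hash = hashlib.new(digest, issuer_name_der).digest()
    key_hash = hashlib.new(digest, issuer_key_bits).digest()
    ser = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    return tlv(0x30, alg + tlv(0x04, name_hash) + tlv(0x04, key_hash) + tlv(0x02, ser))

def parse_cert_id(der):
    """Responder side: (digest name, name hash, key hash, serial)."""
    _, seq, _ = read_tlv(der, 0)
    _, alg, pos = read_tlv(seq, 0)
    _, oid, _ = read_tlv(alg, 0)
    _, name_hash, pos = read_tlv(seq, pos)
    _, key_hash, pos = read_tlv(seq, pos)
    _, ser, _ = read_tlv(seq, pos)
    digest = {v[2:]: k for k, v in OIDS.items()}[oid]
    return digest, name_hash, key_hash, int.from_bytes(ser, "big")

def issuer_matches(der, issuer_name_der, issuer_key_bits):
    """Responder rehashes its CA with the digest named in the request."""
    digest, name_hash, key_hash, _ = parse_cert_id(der)
    return (hashlib.new(digest, issuer_name_der).digest() == name_hash and
            hashlib.new(digest, issuer_key_bits).digest() == key_hash)

# Constructed stand-ins for the issuer's DER name and key bits; serial is the thread's.
ISSUER_NAME, ISSUER_KEY = tlv(0x30, b"constructed issuer name"), b"constructed key bits"
SERIAL = 0x762900CAB55A4762
```

In this model nothing on the responder side selects the CertID digest, which is consistent with `-rmd` being described in the `-help` text as the digest for the response signature.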