[openssl-users] Help with OpenSSL's OCSP responder serving pre-produced responses
Coty Sutherland
csutherl at redhat.com
Thu May 10 13:10:00 UTC 2018
Hi,
Can anyone tell me how to serve pre-produced responses with OpenSSL's
OCSP responder? My current understanding is that what I'm doing should
work, but it doesn't. The pre-produced response correctly prints to
stdout...but it doesn't actually go back to the client (instead
openssl sends an RST).
Here's what I'm doing:
1) Set up an OCSP responder
    openssl ocsp -index ca.db -port 8088 -rsigner ca.pem -CA ca.pem -text
2) Create a pre-produced response object for later use
    openssl ocsp -issuer ca.pem -cert revoked.test.example.com.crt -text \
      -url http://127.0.0.1:8088 \
      -respout resp_revoked_first.out
3) Start responder with pre-produced response
    openssl ocsp -port 8088 -text -respin resp_revoked_first.out
4) Make a request and get error response (Error querying OCSP responder)
    openssl ocsp -issuer ca.pem -cert revoked.test.example.com.crt -text \
      -url http://127.0.0.1:8088
Thoughts? Am I doing something stupid?
TIA,
Coty
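
Added example, not part of the original post and not OpenSSL code: a minimal stand-in responder in Python that serves the file written by -respout in step 2 as a static HTTP reply, so the saved response can be checked independently of `openssl ocsp -respin`. It assumes the file is DER (which is what -respout writes) and reuses the port and file name from the post; the function names are hypothetical.

```python
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

# responseStatus values from RFC 6960 section 4.2.1
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def response_status(der):
    """Return the responseStatus name of a DER-encoded OCSPResponse."""
    if len(der) < 5 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Skip the outer length: short form is 1 byte, long form is 1 + n bytes.
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if der[i:i + 2] != b"\x0a\x01" or i + 2 >= len(der):
        raise ValueError("responseStatus ENUMERATED not found")
    return STATUS.get(der[i + 2], "unknown(%d)" % der[i + 2])

def build_reply(method, content_type, der):
    """Map one HTTP request to (status, headers, body) for a static responder."""
    # Only the POST binding of RFC 6960 Appendix A is handled here.
    if method != "POST":
        return 405, {"Allow": "POST", "Content-Length": "0"}, b""
    if content_type != "application/ocsp-request":
        return 415, {"Content-Length": "0"}, b""
    return 200, {"Content-Type": "application/ocsp-response",
                 "Content-Length": str(len(der))}, der

def make_handler(der):
    class Handler(BaseHTTPRequestHandler):
        def _serve(self):
            # Read the request body before replying; its content is ignored.
            self.rfile.read(int(self.headers.get("Content-Length") or 0))
            code, headers, body = build_reply(
                self.command, self.headers.get("Content-Type"), der)
            self.send_response(code)
            for name, value in headers.items():
                self.send_header(name, value)
            self.end_headers()
            self.wfile.write(body)
        do_GET = do_POST = _serve
    return Handler

if __name__ == "__main__":
    # Default file name is the one used in the post.
    path = sys.argv[1] if len(sys.argv) > 1 else "resp_revoked_first.out"
    with open(path, "rb") as f:
        der = f.read()
    print("responseStatus:", response_status(der))
    HTTPServer(("127.0.0.1", 8088), make_handler(der)).serve_forever()
```

A static response carries whatever nonce the request in step 2 had, so a client that sends a fresh nonce will not find its own nonce echoed back.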