[openssl-users] OCSP: ocsp.omniroot.com/baltimore/... - what is it exactly?

Salz, Rich rsalz at akamai.com
Thu Apr 30 20:11:33 UTC 2015

> My webserver is getting flooded with queries like:
> ocsp.omniroot.com - - [30/Apr/2015:19:24:30 +0200] "GET
> FVnssF26ib%2BdgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEByekag%3D
> %3D
> HTTP/1.1" 301 184 "-" "ocspd/1.0.3"

Well, that stinks.
url-decoding (%2b is + and %3d is =), and then base64 decoding it can give you the OCSP request:
;  ./openssl ocsp -text -reqin x.der
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: C12F4576ED1559ECB05DBA89BF9D8078E523D413
          Issuer Key Hash: E59D5930824758CCACFA085436867B3AB5044DF0
          Serial Number: 0727A46A

> Is it possible to say what "Common name / fqdn / certificate" is queried in
> such requests?

Not really.  The protocol assumes that the requestor has the cert, and the server has the serial#, so the protocol sends the minimal information.


More information about the openssl-users mailing list