[openssl-users] Testing OCSP with openssl

Robert Moskowitz rgm at htt-consult.com
Tue Sep 5 16:06:03 UTC 2017

On 09/05/2017 11:59 AM, Dr. Stephen Henson wrote:
> On Tue, Sep 05, 2017, Robert Moskowitz wrote:
>> Jamie Nugyen's guide uses openssl to test OCSP with 'openssl ocsp':
>> https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
>> What is unclear here is:
>> Does openssl read the index.txt file once at startup, or does it
>> read it with each query.  From the way I read his guide it reads
>> like index.txt is only read at startup.
> Once on startup. The mini-responder is only a test utility.
> It is not usable as a full blown responder.

Oh, I got the test utility limitation.  Just for my guide, after 
revoking the certificate which results in index.txt being updated, does 
the test 'openssl ocsp' service need to be restarted to reread the 
index.txt file?

So from your response, just the once at startup, and I will have to 
specify (as Jamie does in his guide) to restart the test responder.

I am searching for a 'simple' OCSP responder for myself...



More information about the openssl-users mailing list