[openssl-users] Problems with server mode of openssl ocsp

Robert Moskowitz rgm at htt-consult.com
Thu Sep 7 19:20:15 UTC 2017


Good progress.  A few questions:

On https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
the sample server test command is:

openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
       -index intermediate/index.txt \
       -CA intermediate/certs/ca-chain.cert.pem \
       -rkey intermediate/private/ocsp.example.com.key.pem \
       -rsigner intermediate/certs/ocsp.example.com.cert.pem \
       -nrequest 1

Turns out this is a wrong format for -port.  Only the portnum is 
allowed, not the host.  Turns out that

-port 2560

works as it seems to be listening on localhost.  But how DO you set up 
which address to listen on?  -host seems to be only for client mode, and 
I don't see how I would use -url.

The -sha256 option results in the error:

ocsp: Digest must be before -cert or -serial
ocsp: Use -help for summary.

I don't see either -cert or -serial in that command.  If I leave the 
hash out, it defaults to sha1.  How do I specify the hash?

thanks

Bob


