[openssl-users] Problems with server mode of openssl ocsp
Robert Moskowitz
rgm at htt-consult.com
Thu Sep 7 19:20:15 UTC 2017
Good progress. A few questions:
on
https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
The sample server test command is:
openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
-index intermediate/index.txt \
-CA intermediate/certs/ca-chain.cert.pem \
-rkey intermediate/private/ocsp.example.com.key.pem \
-rsigner intermediate/certs/ocsp.example.com.cert.pem \
-nrequest 1
Turns out this is a wrong format for -port. Only the portnum is
allowed, not the host. Turns out that
-port 2560
works as it seems to be listening on localhost. But how DO you set up
which address to listen on? -host seems to be only for client mode, and
I don't see how I would use -url.
The -sha256 option results in the error:
ocsp: Digest must be before -cert or -serial
ocsp: Use -help for summary.
I don't see either -cert or -serial in that command. If I leave the
hash out, it defaults to sha1. How do I specify the hash?
thanks
Bob
More information about the openssl-users
mailing list