[openssl-users] Problems with server mode of openssl ocsp
rgm at htt-consult.com
Thu Sep 7 20:38:47 UTC 2017
On 09/07/2017 04:13 PM, Dr. Stephen Henson wrote:
> On Thu, Sep 07, 2017, Robert Moskowitz wrote:
>> Good progress. A few questions:
>> on https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
>> The sample server test command is:
>> openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
>> -index intermediate/index.txt \
>> -CA intermediate/certs/ca-chain.cert.pem \
>> -rkey intermediate/private/ocsp.example.com.key.pem \
>> -rsigner intermediate/certs/ocsp.example.com.cert.pem \
>> -nrequest 1
>> Turns out this is a wrong format for -port. Only the portnum is
>> allowed, not the host. Turns out that
>> -port 2560
>> works as it seems to be listening on localhost. But how DO you set
>> up which address to listen on? -host seems to be only for client
>> mode, and I don't see how I would use -url.
> There is currently no option to do that.
OK. It does listen on localhost, so I'm OK with just -port 2560. I
will have to send Jamie a note...
>> The -sha256 option results in the error:
>> ocsp: Digest must be before -cert or -serial
>> ocsp: Use -help for summary.
>> I don't see either -cert or -serial in that command. If I leave the
>> hash out, it defaults to sha1. How do I specify the hash?
> Do you mean the digest the response is signed with? Try the -rmd option if so.
No such option documented at:
but 'openssl ocsp -help' does list it. I am assuming that I would use:
Be a bit till I get back to that part of the test.
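
Added example, not part of the thread or of the OpenSSL documentation: a shell script that builds a throwaway CA and shows the -rmd option discussed above selecting the digest used to sign the OCSP response. All names, serials and dates are constructed, and the request is read from a file with -reqin instead of being served on -port, so the script runs without a listener.

```shell
# Added example: every name, serial and date below is constructed.
set -eu
D=$(mktemp -d)

# Throwaway CA, a delegated OCSP signer, and one leaf certificate (serial 0x1000).
build_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
    -keyout "$D/ca.key" -out "$D/ca.crt" 2>/dev/null
  printf 'extendedKeyUsage=OCSPSigning\n' > "$D/ocsp.ext"
  for name in ocsp leaf; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name.example" \
      -keyout "$D/$name.key" -out "$D/$name.csr" 2>/dev/null
  done
  openssl x509 -req -in "$D/ocsp.csr" -CA "$D/ca.crt" -CAkey "$D/ca.key" \
    -set_serial 0x2000 -days 2 -extfile "$D/ocsp.ext" -out "$D/ocsp.crt" 2>/dev/null
  openssl x509 -req -in "$D/leaf.csr" -CA "$D/ca.crt" -CAkey "$D/ca.key" \
    -set_serial 0x1000 -days 2 -out "$D/leaf.crt" 2>/dev/null
  # CA database in "openssl ca" index.txt layout, tab separated:
  # status (V = valid), expiry, revocation date, serial, filename, subject.
  printf 'V\t491231235959Z\t\t1000\tunknown\t/CN=leaf.example\n' > "$D/index.txt"
  # OCSP request for the leaf, written to a file instead of sent to a listener.
  openssl ocsp -issuer "$D/ca.crt" -cert "$D/leaf.crt" -reqout "$D/req.der"
}

# Answer the stored request as the responder, signing with digest $1 via -rmd,
# and print the signature algorithm found on the response.
response_sig_alg() {
  openssl ocsp -index "$D/index.txt" -CA "$D/ca.crt" \
    -rsigner "$D/ocsp.crt" -rkey "$D/ocsp.key" -rmd "$1" \
    -reqin "$D/req.der" -resp_text 2>/dev/null |
    sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

build_demo_pki
echo "signed with -rmd sha256: $(response_sig_alg sha256)"
```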