OCSP - Trusted responder model

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Wed Aug 3 16:52:45 UTC 2022


I am looking for testing the Trusted OCSP responder model.
Here is the certificate hierarchy:
1) rootca-->subca-->leaf
2) responderca (another root ca)

subChain : Contains both subca and rootca
index.txt - contains the entries for subca and leaf

OCSP Request is raised in the sequence: 1) leaf 2) subca

This is how the i tried running the ocsp responder:

> openssl ocsp -port 2561 -text -index index.txt -CA subChain  -rkey
respondercakey.pem  -rsigner respondercacert.pem
Here got good response for leaf but for subca - unknown is returned by

> openssl ocsp -port 2561 -text -index index.txt -CA cacert.pem  -rkey
respondercakey.pem  -rsigner respondercacert.pem
Here unknown is returned by responder for leaf

Could you please help here with what I am missing ? Is there any other way
to give the "CA" option while running "global responder" -that is a trusted
responder model ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220803/9f6ee8f3/attachment.htm>

More information about the openssl-users mailing list