Got the OCSP Server to respond to the test OCSP request program nicely. *Of course one more question.*
I simply had to set up the infrastructure for the OCSP server, excerpted below, to create the signing key and directories.

    mkdir demoCA
    mkdir demoCA/newcerts
    mkdir demoCA/private
    chmod demoCA
    touch index.txt
    echo 1000 > serial
    openssl req -new -nodes -out ocspsign.csr -keyout ocspsign.key -batch -extensions v3_OCSP -config myconfig.cnf
    openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password
    openssl ca -in ocspsign.csr -out authocspsign.crt -batch -extensions v3_OCSP -config myconfig.cnf -passin pass:password

The index.txt file looks like this now:

    cat index.txt
    V 140717130131Z 1000 unknown /C=AU/ST=Some-State/O=Redpath Corporation

I start the server as

    openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey ocspsign.key -CA ./demoCA/cacert.pem -text

and execute the OCSP request with a PEM that was created with serial ID 1000. The OCSP request and response are shown below.

    OCSP Request Data:
        Version: 1 (0x0)
        Requestor List:
            Certificate ID:
              Hash Algorithm: sha1
              Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
              Issuer Key Hash: CD0B919B45A50EA0BDCE66D7215BA27CE33E2326
              *Serial Number: 1000*
        Request Extensions:
            OCSP Nonce: 0410206070FB6BD7959849367CEA406BBDBD
    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = AU, ST = Some-State, O = Redpath Corporation
        Produced At: Jul 17 13:26:58 2013 GMT
        Responses:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
          Issuer Key Hash: CD0B919B45A50EA0BDCE66D7215BA27CE33E2326
          *Serial Number: 1000*
        Cert Status: *unknown*
        This Update: Jul 17 13:26:58 2013 GMT

*But the Cert Status says UNKNOWN? The cert is in demoCA/newcerts/1000.pem. The index.txt file looks okay to me.*

    V 140717130131Z 1000 unknown /C=AU/ST=Some-State/O=Redpath Corporation

*So what is the issue?*
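
Added example, not part of the original post and not OpenSSL's code: a Python sketch of the lookup an index.txt-backed responder performs, where "unknown" results either from a request whose issuer hashes do not match the configured CA or from a serial that is not found in the index. It assumes the usual index.txt layout of six tab-separated fields with the serial stored in hex; the function names, the CA identifier and the sample lines are constructed for illustration.

```python
from typing import Dict, NamedTuple, Tuple

class IndexEntry(NamedTuple):
    status: str    # V = valid, R = revoked, E = expired
    expires: str   # YYMMDDHHMMSSZ
    revoked: str   # empty unless status is R
    serial: str    # hexadecimal, not decimal
    filename: str  # usually "unknown"
    subject: str

def norm(serial_hex: str) -> str:
    """Compare serials case-insensitively and without leading zeros."""
    return serial_hex.upper().lstrip("0") or "0"

def parse_index(text: str) -> Dict[str, IndexEntry]:
    """Parse index.txt content; reject lines that are not tab-separated."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {n}: expected 6 tab-separated fields, got {len(fields)}")
        entry = IndexEntry(*fields)
        entries[norm(entry.serial)] = entry
    return entries

def cert_status(entries: Dict[str, IndexEntry], serial_hex: str,
                req_issuer: Tuple[str, str], ca_issuer: Tuple[str, str]) -> str:
    """req_issuer / ca_issuer are (issuer name hash, issuer key hash) pairs."""
    if req_issuer != ca_issuer:      # request is about a cert from another CA
        return "unknown"
    entry = entries.get(norm(serial_hex))
    if entry is None:                # serial never recorded in the index
        return "unknown"
    # Flags other than V and R map to "unknown" here: a choice of this example.
    return {"V": "good", "R": "revoked"}.get(entry.status, "unknown")

# Constructed sample data (tabs written explicitly; values are illustrative).
CA_ID = ("AA" * 20, "BB" * 20)
SAMPLE_INDEX = (
    "V\t140717130131Z\t\t1000\tunknown\t/C=AU/ST=Some-State/O=Redpath Corporation\n"
    "R\t140717130131Z\t130717132658Z\t1001\tunknown\t/C=AU/O=Constructed Revoked\n"
)

if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    for serial in ("1000", "1001", "3E8"):   # 3E8 is decimal 1000 written in hex
        print(serial, cert_status(db, serial, CA_ID, CA_ID))
```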