Got the OCSP Server to respond to the test OCSP request program nicely.
*Of course one more question.*

I simply had to set up the infrastructure for the OCSP server, excerpted
below, to create the signing key and directories.

mkdir demoCA
mkdir demoCA/newcerts
mkdir demoCA/private
chmod demoCA
touch index.txt
echo 1000 > serial
openssl req -new -nodes -out ocspsign.csr -keyout ocspsign.key -batch \
    -extensions v3_OCSP -config myconfig.cnf
openssl req -new -x509 -days 3650 -extensions v3_ca \
    -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem \
    -config myconfig.cnf -batch -passout pass:password
openssl ca -in ocspsign.csr -out authocspsign.crt -batch \
    -extensions v3_OCSP -config myconfig.cnf -passin pass:password

The index.txt file looks like this now

cat index.txt
V       140717130131Z           1000    unknown /C=AU/ST=Some-State/O=Redpath Corporation


I start the server as

openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt \
    -rkey ocspsign.key -CA ./demoCA/cacert.pem -text

and execute the OCSP request with a PEM that was created with serial ID
1000.

The OCSP request and response are shown below

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
          Issuer Key Hash: CD0B919B45A50EA0BDCE66D7215BA27CE33E2326
          *Serial Number: 1000*
    Request Extensions:
        OCSP Nonce: 
            0410206070FB6BD7959849367CEA406BBDBD



OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = AU, ST = Some-State, O = Redpath Corporation
    Produced At: Jul 17 13:26:58 2013 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: D56D19422F523984CFB9477E7D39A8176AE3811C
      Issuer Key Hash: CD0B919B45A50EA0BDCE66D7215BA27CE33E2326
    *  Serial Number: 1000*
    Cert Status: *unknown*
    This Update: Jul 17 13:26:58 2013 GMT

*But the Cert Status says UNKNOWN? The cert is in demoCA/newcerts/1000.pem.
The index.txt file looks okay to me.*

V       140717130131Z           1000    unknown /C=AU/ST=Some-State/O=Redpath Corporation

*So what is the issue?*




--
View this message in context: 
http://openssl.6102.n7.nabble.com/OSCP-request-tp45835p45858.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
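
Added example, not part of the original post and not OpenSSL's code: a simplified model of how a responder can map a request's serial number onto the `openssl ca` index.txt shown above, useful for checking an index file by hand. The function names, the `issuer_matches_ca` flag and the second sample line are constructed for illustration; the first sample line is the post's entry with its tab separators restored.

```python
from typing import Dict, NamedTuple, Optional


class Entry(NamedTuple):
    status: str             # 'V' valid, 'R' revoked, 'E' expired
    expires: str            # YYMMDDHHMMSSZ
    revoked: Optional[str]  # revocation time[,reason]; empty unless 'R'
    serial: int             # written as hexadecimal text in the file
    filename: str           # usually the literal string "unknown"
    subject: str


def parse_index(text: str) -> Dict[int, Entry]:
    """Parse index.txt content: six tab-separated fields per line."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        status, expires, revoked, serial, filename, subject = fields
        number = int(serial, 16)  # the serial column is hex, not decimal
        entries[number] = Entry(status, expires, revoked or None,
                                number, filename, subject)
    return entries


def cert_status(entries: Dict[int, Entry], serial_hex: str,
                issuer_matches_ca: bool = True) -> str:
    """Model of the responder's decision for one CertID.

    issuer_matches_ca stands for "the request's issuer name/key hashes
    match the certificate given to the responder as its CA" (assumption:
    the caller has compared them separately).
    """
    if not issuer_matches_ca:
        return "unknown"          # request is about some other CA
    entry = entries.get(int(serial_hex, 16))
    if entry is None:
        return "unknown"          # serial not present in the index
    # This sketch reports any flag other than V or R as unknown.
    return {"V": "good", "R": "revoked"}.get(entry.status, "unknown")


# Constructed sample: line 1 mirrors the post, line 2 is invented.
SAMPLE_INDEX = (
    "V\t140717130131Z\t\t1000\tunknown\t/C=AU/ST=Some-State/O=Redpath Corporation\n"
    "R\t140717130131Z\t130718090000Z,keyCompromise\t1001\tunknown\t/C=AU/O=Constructed Example\n"
)
```

In this model an "unknown" answer has two separate causes, an issuer mismatch or a serial missing from the index, so both need checking when the index entry itself looks correct.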
