The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs.

Online Certificate Status Protocol. The Online Certificate Status Protocol (OCSP) was created as an alternative to certificate revocation lists (CRLs). Similar to CRLs, OCSP enables a requesting party (eg, a web browser) to determine the revocation state of a certificate. When a CA signs a certificate, they will typically include an OCSP server address (eg, in the certificate. OpenSSL: Manually verify a certificate against an OCSP Jul 04, 2014 How to Configure an OCSP Responder Feb 07, 2019

OpenSSLによる証明書検証環境構築(802.1x,CRL,OCSP) - Cisco …

SSL/TLS Strong Encryption: How-To - Apache HTTP Server


openssl - OCSP invalidation of intermediate CA using OCSP I'm implementing an OCSP server to answer OCSP requests for my custom CA. I already implemented the invalidation of leaves certificates, with the intermediate CA certificate signing the OCSP response, and it seems to be working. However, I have troubles implementing the OCSP response to invalidate a intermediate certificate. OpenSSL Cookbook: Chapter 2. Testing with OpenSSL $ openssl s_client -connect -servername In order to specify the server name, OpenSSL needs to use a feature of the newer handshake format (the feature is called Server Name Indication [SNI]), and that will force it to abandon the old format. How to do OCSP requests using OpenSSL and CURL Peter, if I understand correctly your environment uses a SOCKS proxy to gain access to the network where the OCSP server is located and since neither OpenSSL or certutil support that natively you are asking how to run a test in such an environment? SSL/TLS Strong Encryption: How-To - Apache HTTP Server