OCSP Responder

Online Certificate Status Protocol Responder.

Directories and Files

ocsp/
    |
    |----certs/
    |
    |----private/

OpenSSL configuration

OpenSSL configuration file used to create the private key and certificate signing request (CSR) of the OCSP responder.

Generate CSR and Key

Sign the CSR with the Intermediate CA

Install Certificates Index

OCSP Service

$ openssl ocsp -index ./index.txt \
        -CA certs/intermed-ca.cert.pem \
        -rsinger certs/intermed-ocsp.pem \
        -rother certs/root-ca.pem \
        -resp_key_id \
        -rkey private/intermed-ocps.key \
        -port 6960 \
        -nmin minutes, -ndays days
-text -out log.txt

HTTP Proxy

References

Online Certificate Status Protocol

OpenSSL 1.1 OCSP man page

RFC 6960, RFC 2560