On Mon, Oct 29, 2007, Bruce Keats wrote:

> Hi,
> I have been trying for a couple of days now to test an OCSP responder, but I
> am having problems getting the openssl OCSP client to send the OCSP requests
> to the OCSP responder listed in the certificate's AIA. If I use the -url
> option with openssl ocsp command, then it will generate the OCSP request,
> send the request to the URI and decode and print the results. Here is a
> sample command:
> openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/bruce-cert.pem -text
> -CAfile /tmp/cacert.pem -url
> This works!
> I would have thought that if I remove the -url option from the command then
> openssl would send the OCSP request to the list of OCSP responders in the
> Authority Information Access (AIA) extension. Well, it does not. Instead
> it just prints out the request and exits. I have tried various options
> without success. I have read the man page many times and did some google
> searches without finding anything that works. I am sure I am overlooking
> the obvious.

Well the obvious in this case is that that functionality is not currently
supported. It will be added at some point though.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org