This is a discussion on Re: How to get the openssl ocsp to send OCSP requests to the - Openssl ; On Mon, Oct 29, 2007, Bruce Keats wrote: > Hi, > > I have been trying for a couple of days now to test an OCSP responder, but I > am having problems getting the openssl OCSP client to send ...
On Mon, Oct 29, 2007, Bruce Keats wrote:
> I have been trying for a couple of days now to test an OCSP responder, but I
> am having problems getting the openssl OCSP client to send the OCSP requests
> to the OCSP responder listed in the certificate's AIA. If I use the -url
> option with openssl ocsp command, then it will generate the OCSP request,
> send the request to the URI and decode and print the results. Here is a
> sample command:
> openssl ocsp -issuer /tmp/cacert.pem -cert /tmp/bruce-cert.pem -text
> -CAfile /tmp/cacert.pem -url http://192.168.0.185:80
> This works!
> I would have thought that if I remove the -url option from the command then
> openssl would send the OCSP request to the list of OCSP responders in the
> Authority Information Access (AIA) extension. Well, it does not. Instead
> it just prints out the request and exits. I have tried various options
> without success. I have read the man page many times and did some google
> searches without finding anything that works. I am sure I am overlooking
> the obvious.
Well the obvious in this case is that that functionality is not currently
supported. It will be added at some point though.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
OpenSSL Project http://www.openssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org