The very first certificate is the server certificate we saved in step 2. For all the certificates below it, copy and save to a file named chain.pem.. Step 3: Get the OCSP Responder for a Server
So you have configured OCSP stapling and you want know if it’s actually working, it’s easy enough to check using the openssl s_client command: openssl s_client -connect login.live.com:443 -tls1 -tlsextdebug -status. Loading ‘screen’ into random state – done. CONNECTED(0000017C) TLS server extension “status request” (id=5), len=0 OCSP client verify fails when responder requires "Host Nov 23, 2016 openssl - Verifying a certificate with Verisign OCSP
I'm attempting to use Verisign's OCSP server to verify a certificate that it has issued, for example, amazon.com. I have the issuer certificate (which was rather hard to find). As well as the amazon 0 certificate. I'm using openSSL but I don't seem to be able to get the right OCSP responder certificate to verify the response.
Mar 07, 2020 debian - OpenSSL OCSP Responder don't start anymore - Unix
openssl ocsp -respin resp.der -text. OCSP server on port 8888 using a standard ca configuration, and a separate responder certificate. All requests and responses are printed to a file. openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem -text -out log.txt. As above but exit after processing one request:
Jan 26, 2011 OCSP processing during TLS handshake · Issue #8499 Mar 16, 2019 2.3.2.5 Configure and Run an OCSP Server OpenSSL includes an option to run as an OCSP server that can respond to OCSP queries. Note that OCSP is preferred over CRLs. Usually, it is a good idea to make sure that an OCSP server is running for your CA, particularly if the OCSP URL appears in your configuration, as this URL is included in each certificate that is signed by the CA.