It works like this, as I do it like this: openssl ocsp -index db.list -CA ca.pem -rsigner ocsprsp.pem -rkey ocsprsp.key -nmin 45 -resp_key_id -noverify -reqin reqin.bin -respout reqout.bin db.list is generated by using openssl with the ca parameter ca.pem is the certificate that signed the OCSP responder certificate and the certificate that is in db.list ocsprsp.pem and ocsprsp.key are the OCSP responder certificate reqin.bin is the OCSP request, that comes typically with a http request respout.bin is the OCSP response that is typically sent out with a http response On 05.12.2014 07:59, Albers, Thorsten wrote: > > Hi, > > for test purposes I would like to create OCSP responses for a time in > the past, let's say for 5 days in the past. In the documentation for > the ocsp command there is a list of verification options a client > might use / request. > > I would have expected that a command could look like following: > > openssl ocsp -sha256 -issuer Root_A_cert.cer -cert Sub1_A_cert.cer > -reqout Sub1_OCSPRequest.bin -text -attime <old timestamp> > > with <old timestamp> being a time in the past. > > But all I get is openssl telling me that the 'attime' is no valid > parameter. Am I doing something wrong, or is this not implemented yet? > > Gru?, > > Thorsten > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141205/97c6f9d6/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5971 bytes Desc: S/MIME Cryptographic Signature URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141205/97c6f9d6/attachment-0001.bin>
