OCSP: ocsp.omniroot.com/baltimore/... - what is it exactly?

Hello,

On 30/04/2015 19:44, Tomasz Chmielewski wrote:
> This might not be very relevant to OpenSSL, but I'm not sure if there 
> is any better list for this question...
>
> My webserver is getting flooded with queries like:
>
> ocsp.omniroot.com 124.205.254.7 - - [30/Apr/2015:19:24:30 +0200] "GET 
> /baltimoreroot/MEowSKADAgEAMEEwPzA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib%2BdgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEByekag%3D%3D 
> HTTP/1.1" 301 184 "-" "ocspd/1.0.3"
>
> ocsp.omniroot.com 222.161.249.75 - - [30/Apr/2015:19:24:33 +0200] "GET 
> /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACBAcnqkc%3D 
> HTTP/1.1" 301 184 "-" "Microsoft-CryptoAPI/6.1"
>
>
> If I understand it right, because the query was sent to my server 
> (China's Great Firewall DNS poisoning at work), and not to "original" 
> ocsp.omniroot.com, somebody's browser or device was not able to verify 
> if the certificate is still valid or not - am I correct here?

I don't remember the exact behaviour of the first client (I guess it's 
an Apple machine) on receiving this answer. For the Microsoft one, the 
client will try to get the CRL, and should also try a POST request to 
the OCSP responder, but I don't remember which one is tried first.

> Is it possible to say what "Common name / fqdn / certificate" is 
> queried in such requests?

Not directly.

The first request asks for the status of the certificate whose serial number 
is 0x0727A46A, the second for the certificate with serial number 
0x0727AA47. Both certificates are issued under the same CA; this CA is 
the root "C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root".
If you can crawl a certificate database (there are several out there), 
you can probably find the exact requested certificate (it should be a 
CA, too).
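
The decoding behind the reply above, as an added example that is not part of the original message: the last path component of an OCSP GET request is the URL-encoded base64 of the DER OCSPRequest (RFC 6960), and its CertID holds only a hash algorithm, the issuer name and key hashes, and the serial number, which is why the common name cannot be read from the log line itself. The two paths are copied from the quoted log lines; the function names are this example's own.

```python
import base64
from urllib.parse import unquote

# Request paths copied from the two log lines quoted in the message above.
PATHS = [
    "/baltimoreroot/MEowSKADAgEAMEEwPzA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib%2BdgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEByekag%3D%3D",
    "/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACBAcnqkc%3D",
]
SHA1_OID = bytes.fromhex("2b0e03021a")  # content bytes of OID 1.3.14.3.2.26

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_ocsp_get(path):
    """Decode an OCSP GET path into one dict per CertID in the request."""
    # Split before unquoting: an encoded %2F belongs to the base64 data.
    der = base64.b64decode(unquote(path.rsplit("/", 1)[1]), validate=True)
    _, ocsp_request, _ = read_tlv(der, 0)
    _, tbs_request = children(ocsp_request)[0]
    # Skip optional [0] version / [1] requestorName; requestList is the SEQUENCE.
    request_list = next(v for t, v in children(tbs_request) if t == 0x30)
    found = []
    for _, request in children(request_list):
        _, cert_id = children(request)[0]
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = children(cert_id)
        oid = children(alg)[0][1]
        found.append({
            "hash_alg": "sha1" if oid == SHA1_OID else oid.hex(),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": "0x%08X" % int.from_bytes(serial, "big"),
        })
    return found
```

Comparing `issuer_key_hash` with the SHA-1 of a candidate CA certificate's public key is how a log analyst can confirm which issuer a request refers to.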


