On Thu, Sep 07, 2017, Robert Moskowitz wrote:

> Good progress. A few questions:
>
> on https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
>
> The sample server test command is:
>
> openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
>       -index intermediate/index.txt \
>       -CA intermediate/certs/ca-chain.cert.pem \
>       -rkey intermediate/private/ocsp.example.com.key.pem \
>       -rsigner intermediate/certs/ocsp.example.com.cert.pem \
>       -nrequest 1
>
> Turns out this is a wrong format for -port. Only the portnum is
> allowed, not the host. Turns out that
>
> -port 2560
>
> works as it seems to be listening on localhost. But how DO you set
> up which address to listen on? -host seems to be only for client
> mode, and I don't see how I would use -url.
>

There is currently no option to do that.

> The -sha256 option results in the error:
>
> ocsp: Digest must be before -cert or -serial
> ocsp: Use -help for summary.
>
> I don't see either -cert or -serial in that command. If I leave the
> hash out, it defaults to sha1. How do I specify the hash?
>

Do you mean the digest the response is signed with? Try the -rmd option if so.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
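An added example, not part of the original thread and not OpenSSL project code: it signs an OCSP response with the digest given to -rmd and reads back the signature algorithm, so the effect of the option can be checked. Assumptions: a throwaway CA signs the response itself instead of a dedicated OCSP certificate, all file names, subjects and the serial are constructed, and the response is produced offline with -reqin/-respout rather than a listening -port.

```shell
#!/bin/sh
# Added example: sign an OCSP response offline and report its signature digest.
# All names, subjects and the serial are constructed sample values.

ocsp_sig_alg() {  # $1 = digest name passed to -rmd (e.g. sha256)
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Throwaway CA plus one leaf certificate with serial 0x1000.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Test CA" \
        -keyout ca.key -out ca.pem 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.com" \
        -keyout leaf.key -out leaf.csr 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
        -set_serial 0x1000 -days 1 -out leaf.pem 2>/dev/null || exit 1
    # CA database line: status, expiry, revocation date (empty), serial,
    # file name, subject (tab separated).
    printf 'V\t491231235959Z\t\t1000\tunknown\t/CN=leaf.example.com\n' > index.txt

    # Client side: build the request only; nothing is sent anywhere.
    openssl ocsp -issuer ca.pem -cert leaf.pem -reqout req.der || exit 1

    # Responder side: same responder options as the quoted command, with the
    # response-signing digest in -rmd. For a listening responder, replace
    # -reqin/-respout with "-port 2560 -nrequest 1" (port number only).
    openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key \
        -rmd "$1" -reqin req.der -respout resp.der || exit 1

    # The first "Signature Algorithm" line is the response's own signature;
    # later ones belong to certificates embedded in the response.
    openssl ocsp -respin resp.der -resp_text -noverify 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; exit }'
  )
  rc=$?
  rm -rf "$d"
  return $rc
}

ocsp_sig_alg sha256
```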