On 09/07/2017 04:13 PM, Dr. Stephen Henson wrote:
> On Thu, Sep 07, 2017, Robert Moskowitz wrote:
>> Good progress. A few questions:
>>
>> on https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html
>> The sample server test command is:
>>
>> openssl ocsp -port 127.0.0.1:2560 -text -sha256 \
>>       -index intermediate/index.txt \
>>       -CA intermediate/certs/ca-chain.cert.pem \
>>       -rkey intermediate/private/ocsp.example.com.key.pem \
>>       -rsigner intermediate/certs/ocsp.example.com.cert.pem \
>>       -nrequest 1
>>
>> Turns out this is a wrong format for -port. Only the portnum is
>> allowed, not the host. Turns out that
>>
>> -port 2560
>>
>> works as it seems to be listening on localhost. But how DO you set
>> up which address to listen on? -host seems to be only for client
>> mode, and I don't see how I would use -url.
>
> There is currently no option to do that.

OK. It does listen on localhost, so I'm OK with just -port 2560. I
will have to send Jamie a note...

>> The -sha256 option results in the error:
>>
>> ocsp: Digest must be before -cert or -serial
>> ocsp: Use -help for summary.
>>
>> I don't see either -cert or -serial in that command. If I leave the
>> hash out, it defaults to sha1. How do I specify the hash?
>
> Do you mean the digest the response is signed with? Try the -rmd option if so.

No such option documented at:

https://www.openssl.org/docs/man1.1.0/apps/ocsp.html

but 'openssl ocsp -help' does list it. I am assuming that I would use:

-rmd sha256
Be a bit till I get back to that part of the test.
thanks
Bob
--
openssl-users mailing list
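One way to confirm which digest a response is actually signed with once `-rmd` is set, as an added example that is not part of the original thread: it generates the response offline with `-reqin`/`-respout` in place of `-port` and prints the response's signature algorithm. The throwaway CA, leaf certificate, subjects and file names are constructed assumptions, and it assumes an `openssl` binary whose `ocsp` command lists `-rmd`.

```shell
#!/bin/sh
# Added example, not from the thread. The CA, leaf certificate and file names
# are constructed test fixtures. Prints the signature algorithm of an OCSP
# response produced with "-rmd <digest>", e.g. sha256WithRSAEncryption.
ocsp_response_sigalg() {
    md=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" &&
        # Throwaway CA and one leaf certificate with serial 0x1000.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
            -subj "/CN=Example Test CA" -keyout ca.key -out ca.pem \
            >/dev/null 2>&1 &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.com" \
            -keyout leaf.key -out leaf.csr >/dev/null 2>&1 &&
        openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
            -set_serial 0x1000 -days 2 -sha256 -out leaf.pem \
            >/dev/null 2>&1 &&
        # Minimal index.txt (tab separated): status, expiry, revocation
        # date, serial, file name, subject. "V" marks the serial as valid.
        printf 'V\t491231235959Z\t\t1000\tunknown\t/CN=leaf.example.com\n' \
            > index.txt &&
        # Client side: write the request to a file instead of sending it.
        openssl ocsp -issuer ca.pem -cert leaf.pem -no_nonce \
            -reqout req.der >/dev/null 2>&1 &&
        # Responder side: same options as a listening responder, but with
        # -reqin/-respout in place of -port, so no socket is opened.
        openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem \
            -rkey ca.key -rmd "$md" -reqin req.der -respout resp.der \
            >/dev/null 2>&1 &&
        # The first "Signature Algorithm" line in the dump belongs to the
        # response itself; later ones belong to the embedded certificate.
        openssl ocsp -respin resp.der -resp_text -noverify 2>/dev/null |
            awk '/Signature Algorithm:/ { print $3; exit }'
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

ocsp_response_sigalg sha256
```

The same `-resp_text` check works on a response fetched from a responder started with `-port 2560`.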