Why is this OCSP response reporting a hash using SHA1?

I am using the test responder:

   openssl ocsp -port 2560 -text -rmd sha256 \
         -index index.txt \
         -CA certs/ca-chain.cert.pem \
         -rkey private/$ocspurl.key.pem \
         -rsigner certs/$ocspurl.cert.pem \
         -nrequest 1


What is the SHA1 hash report about? It comes right after the line: Certificate ID:


openssl ocsp -CAfile certs/ca-chain.cert.pem \
          -url http://127.0.0.1:2560 -resp_text \
          -issuer certs/8021ARintermediate.cert.pem \
          -cert certs/$targetcert.cert.pem

OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: O = HTT Consulting, OU = Devices
    Produced At: Sep  8 16:11:38 2017 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
      Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
      Serial Number: 762900CAB55A4762
    Cert Status: revoked
    Revocation Time: Sep  7 06:48:28 2017 GMT
    This Update: Sep  8 16:11:38 2017 GMT

    Response Extensions:
        OCSP Nonce:
            0410DBAEC40AE0C9696C715A8F476383D112
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:a7:3e:9f:40:29:21:bc:1b:af:22:41:f7:5d:
         70:d8:3f:db:98:16:7c:62:b4:e9:cf:4c:1e:43:db:fa:07:42:
         f7:02:21:00:f6:05:82:c8:85:ef:dc:17:ec:0f:59:ce:5e:fd:
         36:8f:ac:5a:29:32:17:9d:22:c1:c2:77:e8:f7:7a:0c:ff:af
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            aa:56:78:7a:d5:f7:de:4f
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, ST=MI, O=HTT Consulting, OU=Devices, CN=802.1AR CA
        Validity
            Not Before: Sep  7 06:40:11 2017 GMT
            Not After : Dec 31 23:59:59 9999 GMT
        Subject: O=HTT Consulting, OU=Devices
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:d8:a1:6c:09:c0:13:fc:30:6f:02:1e:a0:d3:cc:
                    02:8c:b0:e1:2a:84:1d:94:ed:2e:92:b8:25:d0:00:
                    3d:a0:1a:43:dc:83:12:13:e0:74:a4:97:b7:4e:ed:
                    26:18:c0:36:38:a1:f8:c0:bb:d8:5c:14:cd:a7:23:
                    f5:71:51:bc:6c
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                57:34:03:80:50:53:9B:EA:2A:06:37:FF:8A:1E:32:72:70:DD:41:9F
            X509v3 Authority Key Identifier:
                keyid:A3:27:8D:00:B0:53:BF:25:91:93:A4:83:3E:66:9C:45:1D:AD:36:E0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                OCSP Signing
            X509v3 Subject Alternative Name:
                DNS:ocsp.htt-consult.com, email:postmaster@xxxxxxxxxxxxxxx
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:2b:99:ba:72:2a:e5:4c:1b:c1:9c:6a:72:f9:8e:
         8f:5f:97:ec:35:e0:19:f3:7f:58:c4:4b:67:fe:dc:47:68:45:
         02:20:37:07:0a:be:09:bd:20:b5:21:c5:23:80:4a:4d:57:47:
         56:4a:79:cc:6d:e0:57:5e:ef:bc:9b:eb:6d:3a:db:73
Response verify OK
certs/Wt1234.cert.pem: revoked
	This Update: Sep  8 16:11:38 2017 GMT
	Revocation Time: Sep  7 06:48:28 2017 GMT


Thank you

Bob


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
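
An added example (not part of the original post, and not OpenSSL code): it parses an excerpt of the `-resp_text` output quoted above and reports the digest named in the Certificate ID separately from the digest used to sign the response. It relies on RFC 6960, where the CertID is built by the requester and echoed back by the responder, while `-rmd` only selects the responder's signing digest; the function names `summarize` and `_field` are hypothetical.

```python
import re

# Excerpt of the `openssl ocsp -resp_text` output quoted in the post above.
SAMPLE = """\
OCSP Response Data:
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
      Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
      Serial Number: 762900CAB55A4762
    Cert Status: revoked
    Signature Algorithm: ecdsa-with-SHA256
Certificate:
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:A3:27:8D:00:B0:53:BF:25:91:93:A4:83:3E:66:9C:45:1D:AD:36:E0
"""


def _field(label, text):
    """Return the value of the first 'label: value' line in text, or None."""
    m = re.search(r"^\s*" + re.escape(label) + r":\s*(\S.*?)\s*$", text, re.M)
    return m.group(1) if m else None


def summarize(resp_text):
    """Separate the CertID digest from the response-signature digest."""
    # Text before the top-level "Certificate:" line is the OCSP response;
    # text after it is the responder's signing certificate.
    response, _, signer_cert = resp_text.partition("\nCertificate:")
    key_hash = _field("Issuer Key Hash", response)
    aki = re.search(r"keyid:([0-9A-Fa-f:]+)", signer_cert)
    aki_hex = aki.group(1).replace(":", "").upper() if aki else None
    return {
        # Digest used only to identify the issuer (hash of its name and key).
        "certid_hash_alg": _field("Hash Algorithm", response),
        "issuer_key_hash": key_hash,
        "serial": _field("Serial Number", response),
        # Digest the responder used to sign the response (what -rmd selects).
        "response_sig_alg": _field("Signature Algorithm", response),
        # True when the signer's Authority Key Identifier equals the CertID
        # key hash, as it does in the output quoted above.
        "key_hash_matches_signer_aki": key_hash is not None
        and aki_hex == key_hash.upper(),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(f"{name}: {value}")
```

In the `openssl ocsp` client, the CertID digest defaults to SHA-1 and is changed with a digest option such as `-sha256` placed before `-cert`, according to the ocsp manual page.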