On 09/08/2017 10:08 PM, Dr. Stephen Henson wrote:
> On Fri, Sep 08, 2017, Robert Moskowitz wrote:
>
>> I am using the test responder:
>>
>>     openssl ocsp -port 2560 -text -rmd sha256 \
>>         -index index.txt \
>>         -CA certs/ca-chain.cert.pem \
>>         -rkey private/$ocspurl.key.pem \
>>         -rsigner certs/$ocspurl.cert.pem \
>>         -nrequest 1
>>
>> What is the SHA1 hash report about? It comes right after the line:
>>
>> Certificate ID:
>>
>>     Certificate ID:
>>       Hash Algorithm: sha1
>>       Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
>>       Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
>>       Serial Number: 762900CAB55A4762
>
> It's the hash algorithm used to hash the issuer name and key to identify them.

And how do you get it to use sha256?

I would think that the -rmd sha256 in the responder command would do that?
What does it do anyway? It is listed in the -help:

    -rmd val    Digest Algorithm to use in signature of OCSP response

but not in the man page.

Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at
least the server should have some control over the hash used?

thanks
Bob
--
openssl-users mailing list
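
Added example (not part of the original thread): the CertID hash discussed above is fixed when the client builds the request, and this can be checked offline by writing a request to a file and decoding it. The helper name `certid_hash`, the throwaway CA and leaf certificate, and their subject names are constructed for this illustration.

```shell
#!/bin/sh
# Added example: which hash algorithm ends up in the CertID of an OCSP request.
# The CA and leaf below are throwaway certificates constructed for this demo.

# certid_hash [digest-flag]  (hypothetical helper name)
# Builds an OCSP request offline (no responder is contacted) and prints the
# "Hash Algorithm" from its Certificate ID. With no argument the OpenSSL
# default is used; pass e.g. -sha256 to select another digest.
certid_hash() {
    d=$(mktemp -d) || return 1

    # Constructed test CA (self-signed) and a leaf certificate issued by it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null || return 1

    # Client side: the digest flag must come before -cert, because the
    # CertID is computed when -cert is parsed. ${1:-} is left unquoted on
    # purpose so that an empty argument disappears.
    openssl ocsp ${1:-} -issuer "$d/ca.pem" -cert "$d/leaf.pem" \
        -no_nonce -reqout "$d/req.der" >/dev/null || return 1

    # Decode the saved request and keep only the CertID hash algorithm name.
    openssl ocsp -reqin "$d/req.der" -req_text |
        awk '/Hash Algorithm:/ { print $3 }'

    rm -rf "$d"
}

echo "default request:      $(certid_hash)"
echo "request with -sha256: $(certid_hash -sha256)"
```

The responder's `-rmd` option does not appear anywhere in this flow: per the `-help` text quoted above, it only selects the digest used in the signature of the OCSP response.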