How to test client applications with OpenValidation.org
Developers can use the OpenValidation.org Responder Service to test the functionality of their OCSP-enabled client applications. OpenValidation.org provides certificates with known status and several virtual hosts to enable developers to test their OCSP clients extensively with a professional OCSP Responder.
Configure your client application to send certificate staus requests to the OpenValidation.org OCSP Responder (http://ocsp.openvalidation.org). We provide several virtual hosts with different OCSP Responder configuration to allow testing with full range of possible responses.
Virtual Hosts at http://ocsp.openvalidation.org:
|Port: 80||Standard configuration. OCSP Responder will accept all proper requests and send a signed response.|
|Port: 8080||Response does not contain any attached certificates. Client must accept this response|
|Port: 8081||Never replies nonce. Insecure but standard conform mode. Client application should warn in case of replay-attacks|
|Port: 8082||The OCSP Responder will sign the response with randomized bytecode. Client should NOT accept this response.|
|Port: 8083||OCSP response will always be revoked.|
|Port: 8084||OCSP response will always be unknown.|
|Port: 8085||OCSP response will always be malformed.|
|Port: 8086||OCSP response will always be internal error.|
|Port: 8087||OCSP response will always be try later.|
|Port: 8088||OCSP response will always be signature required.|
|Port: 8089||OCSP response will always be unauth.|
|Port: 8090||Standard configuration with full Debuglogs. Debuglogs are visible at http://www.openvalidation.org/debug.php|
Here you can find detailed information about processing certificate status requests with openssl.
E.g. an openssl status request and the answer with a valid test certificate could look like this:
Or e.g. an openssl status request and the answer with known serial number of a revoked test certificate could look like this:
These openssl request will only work with the newest release of openssl.