OCSP 测试服务器

原创 2007年10月16日 09:12:00

需要寻找一个OCSP测试服务器，今天找到一个，以下为简介：
想请参照：http://www.openvalidation.org/useocspservicenew.htm

How to test client applications with OpenValidation.org

Developers can use the OpenValidation.org Responder Service to test the functionality of their OCSP-enabled client applications. OpenValidation.org provides certificates with known status and several virtual hosts to enable developers to test their OCSP clients extensively with a professional OCSP Responder.

To test an OCSP client application it is neccessary to download the OpenValidation RootCA certificate, OCSP Responder certificate and test certificates (with known status).

Configure your client application to send certificate staus requests to the OpenValidation.org OCSP Responder (http://ocsp.openvalidation.org). We provide several virtual hosts with different OCSP Responder configuration to allow testing with full range of possible responses.

Virtual Hosts at http://ocsp.openvalidation.org:

Port: 80	Standard configuration. OCSP Responder will accept all proper requests and send a signed response.
Port: 8080	Response does not contain any attached certificates. Client must accept this response
Port: 8081	Never replies nonce. Insecure but standard conform mode. Client application should warn in case of replay-attacks
Port: 8082	The OCSP Responder will sign the response with randomized bytecode. Client should NOT accept this response.
Port: 8083	OCSP response will always be *revoked*.
Port: 8084	OCSP response will always be *unknown*.
Port: 8085	OCSP response will always be *malformed*.
Port: 8086	OCSP response will always be *internal error*.
Port: 8087	OCSP response will always be *try later*.
Port: 8088	OCSP response will always be *signature required*.
Port: 8089	OCSP response will always be *unauth*.
Port: 8090	Standard configuration with full Debuglogs. Debuglogs are visible at http://www.openvalidation.org/debug.php

Here you can find detailed information about processing certificate status requests with openssl.

E.g. an openssl status request and the answer with a valid test certificate could look like this:

C:/WINNT/System32/cmd.exe

C:/>openssl ocsp -host ocsp.openvalidation.org:80 -issuer RootCAcert.pem -VAfile OCSPServer.pem -cert User.pem
Response verify OK
User.pem: good
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GM

Or e.g. an openssl status request and the answer with known serial number of a revoked test certificate could look like this:

C:/WINNT/System32/cmd.exe

C:/>openssl ocsp -host ocsp.openvalidation.org:8090 -issuer RootCAcert.pem -VAfile OCSPServer.pem -serial 03
Response verify OK
03: revoked
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GMT
Revocation Time: Aug 17 10:10:39 2001 GM

These openssl request will only work with the newest release of openssl.

ocsp.properties.sample

注：水平有限，仅供个人参考（待续---------）# ------------ OCSP configuration ---------------------OCSP配置# Specifies ...

wuwenlong527

2007-10-19 17:40:00

854

OCSP 测试服务器

需要寻找一个OCSP测试服务器，今天找到一个，以下为简介：想请参照：http://www.openvalidation.org/useocspservicenew.htmHow to test c...

wuwenlong527

2007-10-16 09:12:00

2225

生成OCSP请求和响应的jar包

开源的生成OCSP请求和响应的jar包,很好用,可以试一下... 开源的生成OCSP请求和响应的jar包,很好用,可以试一下综合评分:3 收藏评论(3)举报所需: 3积分/C币 ...

2018年04月16日 00:00

27.openssl编程——OCSP

27.1 概述在线证书状态协议（OCSP, Online Certificate Status Protocol，rfc2560）用于实时表明证书状态。OCSP客户端通过查询OCSP服务来确定一个...

aixiaoxiaoyu

2018-01-26 19:04:32

258

虚拟机火狐浏览器OCSP回应无效

做大家都知道如何去做的事，只会使世界发生从1到n的改变，增添许多类似的改变。但是我们每次创造新事物的时候，会使世界发生从0到1的改变。 ...

drunkpragrammer

2017-11-17 17:56:22

180

OS X:OCSP和CRL的设置

为了能使Safari自动地废止被废弃的认证，需要在用户的Keychain中设置OCSP和CRL打开： Keychain Access程序中的Preferences, Certificates标签中，使...

afatgoat

2011-06-22 04:14:00

2562

您举报文章：OCSP 测试服务器
举报原因：	色情政治抄袭广告招聘骂人其他
原文地址：
原因补充：	(最多只允许输入30个字)

您举报文章：OCSP 测试服务器

举报原因：

色情政治抄袭广告招聘骂人
其他

原因补充：

(最多只允许输入30个字)

OCSP 测试服务器

Online Certificate Status Protocol （OCSP）协议概述

ocsp.properties.sample