OCSP Test Server

Original post, 2007-10-16 09:12:00

How to test client applications with OpenValidation.org

Developers can use the OpenValidation.org Responder Service to test the functionality of their OCSP-enabled client applications. OpenValidation.org provides certificates with known status and several virtual hosts to enable developers to test their OCSP clients extensively with a professional OCSP Responder.

To test an OCSP client application, it is necessary to download the OpenValidation RootCA certificate, the OCSP Responder certificate and the test certificates (with known status).

Configure your client application to send certificate status requests to the OpenValidation.org OCSP Responder (http://ocsp.openvalidation.org). We provide several virtual hosts with different OCSP Responder configurations to allow testing with the full range of possible responses.

Virtual Hosts at http://ocsp.openvalidation.org:

Port: 80 Standard configuration. The OCSP Responder will accept all proper requests and send a signed response.
Port: 8080 Response does not contain any attached certificates. The client must accept this response.
Port: 8081 Never returns the nonce. Insecure, but standards-conformant mode. The client application should warn about possible replay attacks.
Port: 8082 The OCSP Responder will sign the response with randomized bytecode. Client should NOT accept this response.
Port: 8083 OCSP response will always be revoked.
Port: 8084 OCSP response will always be unknown.
Port: 8085 OCSP response will always be malformed.
Port: 8086 OCSP response will always be internal error.
Port: 8087 OCSP response will always be try later.
Port: 8088 OCSP response will always be signature required.
Port: 8089 OCSP response will always be unauth.
Port: 8090 Standard configuration with full Debuglogs. Debuglogs are visible at http://www.openvalidation.org/debug.php
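As an added example (not from OpenValidation.org or the original post), the Python below reads the outer responseStatus of a DER-encoded OCSPResponse as defined in RFC 6960 and decides the client's next step, which is the handling that ports 8085 to 8089 exercise. It assumes those ports return the RFC error statuses malformedRequest, internalError, tryLater, sigRequired and unauthorized; `client_action`, its return strings and the sample bytes are hypothetical and constructed for illustration.

```python
# Added example. RFC 6960: OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#   responseBytes [0] EXPLICIT OPTIONAL }. All sample bytes below are constructed.
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def response_status(der):
    """Return (status_name, response_bytes or None); raise ValueError if malformed."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER SEQUENCE")
    tag, val, pos = read_tlv(body, 0)
    if tag != 0x0A or len(val) != 1 or val[0] not in STATUS:
        raise ValueError("bad responseStatus")
    inner = None
    if pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        if tag != 0xA0 or pos != len(body):
            raise ValueError("unexpected data after responseStatus")
    if (val[0] == 0) != (inner is not None):  # only "successful" carries responseBytes
        raise ValueError("responseBytes inconsistent with status")
    return STATUS[val[0]], inner

def client_action(der):
    """Hypothetical client policy for a raw responder reply."""
    try:
        status, _ = response_status(der)
    except ValueError:
        return "reject"            # not a well-formed OCSPResponse
    if status == "successful":
        return "verify-signature"  # certStatus is trusted only after this
    return "retry" if status == "tryLater" else "fail"

SAMPLES = {"successful": bytes.fromhex("30070a0100a0023000"), "tryLater": bytes.fromhex("30030a0103"),
           "unauthorized": bytes.fromhex("30030a0106"), "truncated": bytes.fromhex("30030a01")}
```

For ports 8082 to 8084 the page describes a bad signature and a revoked or unknown certificate status, which a client can only detect after this step, by verifying the signature and reading certStatus.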

Here you can find detailed information about processing certificate status requests with openssl.

E.g. an openssl status request and the answer with a valid test certificate could look like this:


C:/>openssl ocsp -host ocsp.openvalidation.org:80 -issuer RootCAcert.pem -VAfile OCSPServer.pem -cert User.pem

Response verify OK
User.pem: good
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GMT


Or e.g. an openssl status request and the answer with known serial number of a revoked test certificate could look like this:


C:/>openssl ocsp -host ocsp.openvalidation.org:8090 -issuer RootCAcert.pem -VAfile OCSPServer.pem -serial 03

Response verify OK
03: revoked
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GMT
Revocation Time: Aug 17 10:10:39 2001 GMT


These openssl requests will only work with the newest release of OpenSSL.
