How to set up an OCSP responder

Create a Certification Authority

Set up the OCSP responder

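# Edit the OpenSSL configuration
nano /etc/ssl/openssl.cnf
...
[ usr_cert ]
...
# Certificates issued with this section point clients at the responder
authorityInfoAccess = OCSP;URI:http://127.0.0.1:81

# Extensions for the OCSP responder's own signing certificate
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
...

# Generate the responder key and CSR, then have the CA sign the certificate with the v3_OCSP extensions
# (pass:example-password is a placeholder; a passphrase given on the command line is visible in the process list and shell history)
cd /etc/pki/CA/
mkdir ocsp
openssl genrsa -des3 -out private/ocsp.key
openssl req -new -key private/ocsp.key -out ocsp/ocsp.csr -subj /C=PT/ST=Coimbra/L=Coimbra/O=MyOrg/OU=MyOrgDep/CN=OCSP/emailAddress=ocsp@example.com -passin pass:example-password
openssl ca -in ocsp/ocsp.csr -cert certs/ca.crt -keyfile private/ca.key -out certs/ocsp.crt -extensions v3_OCSP -passin pass:example-password

# Start the responder on port 81, answering from index.txt and writing requests and responses as text to log.txt
touch log.txt
openssl ocsp -index index.txt -port 81 -rsigner certs/ocsp.crt -rkey private/ocsp.key -CA certs/ca.crt -text -out log.txt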
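
An offline check of the setup above, as an added example that is not part of the original article: it builds a throwaway CA in a temporary directory, issues a signer with the article's v3_OCSP section, and confirms that a client accepts the signer's response for a certificate before and after revocation. It assumes `openssl` is on the PATH; the function name, subjects, unencrypted keys and file names are constructed for the demo, and the responder answers a saved request through `-reqin`/`-respout` instead of listening on port 81.

```shell
# Added example: everything lives in a temporary directory, nothing under /etc is touched.
ocsp_selftest() (
  d=$(mktemp -d) && cd "$d" || exit 1; trap 'rm -rf "$d"' EXIT
  q() { "$@" >/dev/null 2>&1; }            # run quietly, keep the exit status
  cat > ca.cnf <<'EOF'
[ CA_default ]
database = index.txt
new_certs_dir = newcerts
serial = serial
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ usr_cert ]
authorityInfoAccess = OCSP;URI:http://127.0.0.1:81
[ v3_OCSP ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
EOF
  mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
  ca_cmd() { q openssl ca -batch -notext -config ca.cnf -name CA_default -cert ca.crt -keyfile ca.key "$@"; }
  q openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
      -subj "/CN=Demo CA" -days 30 -keyout ca.key -out ca.crt || exit 1
  for n in ocsp leaf; do                   # demo keys are unencrypted (-nodes)
    q openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$n" \
        -keyout "$n.key" -out "$n.csr" || exit 1
  done
  ca_cmd -extensions v3_OCSP -in ocsp.csr -out ocsp.crt || exit 1
  ca_cmd -extensions usr_cert -in leaf.csr -out leaf.crt || exit 1
  status() {  # client request -> response signed by ocsp.crt -> client verification
    q openssl ocsp -issuer ca.crt -cert leaf.crt -no_nonce -reqout req.der &&
    q openssl ocsp -index index.txt -CA ca.crt -rsigner ocsp.crt -rkey ocsp.key \
        -reqin req.der -respout resp.der &&
    openssl ocsp -issuer ca.crt -cert leaf.crt -no_nonce -CAfile ca.crt \
        -respin resp.der 2>/dev/null > out.txt &&   # non-zero exit if the signature is rejected
    sed -n 's/^leaf\.crt: //p' out.txt
  }
  before=$(status) && ca_cmd -revoke leaf.crt && after=$(status) || exit 1
  echo "$before $after"
)
```

Calling `ocsp_selftest` prints the certificate status reported before and after `openssl ca -revoke`; a signer certificate issued without the OCSPSigning extended key usage makes the verification step fail instead.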
