OpenCA's OCSP Responder (c) 2001-2006 by Massimiliano Pala and OpenCA Group OpenCA Licesed Software
The OCSP (OnLine Certificate Status Protocol) is becoming ever more supported by current clients as it provides an easy way to get a reliable and fast onLine verification of the required certificate(s) status.
The provided responder is capable of answering to complex OCSP requests, an example of a configuration file and a way to start and make request to the responded can be found into the etc/ directory.
To get a full list of the supported command-line options simply call the openca-ocspd program with '-' as an argument:
$ openca-ocspd -
To install the package follow the provided INSTALL script and edit the config file to fillfull your needs. Remember that you'll need the 0.9.7 version of the OpenSSL package - current source code (0.9.7d).
In the $prefix/etc/ocspd directory you'll find some example files for simple configuration of the responder. All options are, I guess, self-explicative and very easy to understand.
The OCSP Responder must have its own certificate/key pair to be able to build and sign the responses. To aceive this you can simply generate a PKCS#10 req and upload it to your CA by using the appropriate command. Remember that the certificate MUST contain the "OCSPSigning" extension in the extendedKeyUsage extension: if requested you'll need to define a new extension file on the ca (conf/openssl/extfiles) for the OCSP certificate profile.
Actually it has not been fully tested on many systems so, if there is any problem, please contact us on the mailing list and ask for support there.
Currently the responded has been tested with Mozilla and it has been reported to work correctly.
Some performance problems have been noticed on Solaris but no informations on where the bottleneck is are currently available.
If you have further questions, please, contact the OpenCA team. More infos on OpenCA LABS and OpenCA Team can be found at http://www.openca.org
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
Enjoy the Open Source Community!
Massimiliano Pala <email@example.com>