- Use the Source, Luke
Home | Register | News | Forums | Guide | MyLinks | Bookmark

Sponsored Links

Latest News
  General News
  Press Releases
  Off Topic

Back to files
                       OpenCA's OCSP Responder
         (c) 2001-2006 by Massimiliano Pala and OpenCA Group
                       OpenCA Licesed Software

1. General Description

The OCSP (OnLine Certificate Status Protocol) is becoming ever more supported by current clients as it provides an easy way to get a reliable and fast onLine verification of the required certificate(s) status.

The provided responder is capable of answering to complex OCSP requests, an example of a configuration file and a way to start and make request to the responded can be found into the etc/ directory.

To get a full list of the supported command-line options simply call the openca-ocspd program with '-' as an argument:

$ openca-ocspd -


To install the package follow the provided INSTALL script and edit the config file to fillfull your needs. Remember that you'll need the 0.9.7 version of the OpenSSL package - current source code (0.9.7d).

3. Provided files

In the $prefix/etc/ocspd directory you'll find some example files for simple configuration of the responder. All options are, I guess, self-explicative and very easy to understand.

4. OCSP Responder certificate

The OCSP Responder must have its own certificate/key pair to be able to build and sign the responses. To aceive this you can simply generate a PKCS#10 req and upload it to your CA by using the appropriate command. Remember that the certificate MUST contain the "OCSPSigning" extension in the extendedKeyUsage extension: if requested you'll need to define a new extension file on the ca (conf/openssl/extfiles) for the OCSP certificate profile.

5. Known Bugs

Actually it has not been fully tested on many systems so, if there is any problem, please contact us on the mailing list and ask for support there.

Currently the responded has been tested with Mozilla and it has been reported to work correctly.

Some performance problems have been noticed on Solaris but no informations on where the bottleneck is are currently available.

4. Contacts

If you have further questions, please, contact the OpenCA team. More infos on OpenCA LABS and OpenCA Team can be found at

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (

Enjoy the Open Source Community!

Massimiliano Pala <>

Sponsored Links

Discussion Groups
  Networking / Security

About | FAQ | Privacy | Awards | Contact
Comments to the webmaster are welcome.
Copyright 2006 All rights reserved.