#MAN OPENSSL VERIFICATION#
This option will normally only be used for debugging since itĭisables all verification of the responders certificate. noverify don't attempt to verify the OCSP response signature or the nonce values. Equivalent to the -verify_other and -trust_other options. VAfile file file containing explicitly trusted responder certificates. Useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate. trust_other the certificates specified by the -verify_other option should be explicitly trusted and no additional checks will be performed on them. Some responders omit theĪctual signer's certificate from the response: this option can be used to supply the necessary certificate in such cases. verify_other file file containing additional certificates to search when attempting to locate the OCSP response signing certificate. These are used to verify the signature on the OCSP response. CAfile file, -CApath pathname file or pathname containing trusted CA certificates. host hostname:port, -path pathname if the host option is present then the OCSP request is sent to the host hostname on port port. Both HTTP and HTTPS ( SSL/TLS ) URLs can be specified. url responder_url specify the responder URL. These option are ignored if OCSP request or response creation is impliedīy other options (for example with serial, cert and host options).
reqin file, -respin file read OCSP request or response file from file. reqout file, -respout file write out the DER encoded certificate request or response to file. req_text, -resp_text, -text print out the text form of the OCSP request, response or both respectively.
#MAN OPENSSL SERIAL#
If an OCSP request is beingĬreated (using cert and serial options) a nonce is automatically added specifying no_nonce overrides this. Using the respin option no nonce is added: using the nonce option will force addition of a nonce. nonce, -no_nonce Add an OCSP nonce extension to a request or disable OCSP nonce addition. sign_other filename Additional certificates to include in the signed request. If the signkey option is not present then the private key is read from the same file as the certificate. signer filename, -signkey filename Sign the OCSP request using the certificate specified in the signer option and the private key specified by the signkey option. Negative integers can also be specified by preceding the value by a - sign.
#MAN OPENSSL SERIAL NUMBER#
The serial number is interpreted as a decimal
serial num Same as the cert option except the certificate with serial number num is added to the request. The issuer certificate is taken from the previous issuer option, or an error occurs if no issuer cert filename Add the certificate filename to the request. This option MUST come before any -cert options. The certificate specified in filename must be in issuer filename This specifies the current issuer certificate. out filename specify output filename, default is standard output. To an OCSP responder and behave like a mini OCSP server itself. It can be used to print out requests and responses, create requests and send queries The ocsp command performs many common OCSP tasks. The Online Certificate Status Protocol ( OCSP ) enables applications to determine the (revocation) state of an identified certificate (
0 kommentar(er)
