OCSP 测试服务器

OpenValidation.org提供了一种服务,允许开发者通过其Responder Service测试OCSP启用的客户端应用功能。开发者可以下载必要的证书,并配置应用向OpenValidation.org OCSP Responder发送状态请求,以测试各种可能的响应情况。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

 需要寻找一个OCSP测试服务器,今天找到一个,以下为简介:
想请参照:http://www.openvalidation.org/useocspservicenew.htm


How to test client applications with OpenValidation.org

Developers can use the OpenValidation.org Responder Service to test the functionality of their OCSP-enabled client applications. OpenValidation.org provides certificates with known status and several virtual hosts to enable developers to test their OCSP clients extensively with a professional OCSP Responder.

To test an OCSP client application it is neccessary to download the OpenValidation RootCA certificate, OCSP Responder certificate and test certificates (with known status).

Configure your client application to send certificate staus requests to the OpenValidation.org OCSP Responder (http://ocsp.openvalidation.org). We provide several virtual hosts with different OCSP Responder configuration to allow testing with full range of possible responses.

Virtual Hosts at http://ocsp.openvalidation.org:

Port: 80Standard configuration. OCSP Responder will accept all proper requests and send a signed response.
Port: 8080Response does not contain any attached certificates. Client must accept this response
Port: 8081Never replies nonce. Insecure but standard conform mode. Client application should warn in case of replay-attacks
Port: 8082The OCSP Responder will sign the response with randomized bytecode. Client should NOT accept this response.
Port: 8083OCSP response will always be revoked.
Port: 8084OCSP response will always be unknown.
Port: 8085OCSP response will always be malformed.
Port: 8086OCSP response will always be internal error.
Port: 8087OCSP response will always be try later.
Port: 8088OCSP response will always be signature required.
Port: 8089OCSP response will always be unauth.
Port: 8090Standard configuration with full Debuglogs. Debuglogs are visible at http://www.openvalidation.org/debug.php

Here you can find detailed information about processing certificate status requests with openssl.

E.g. an openssl status request and the answer with a valid test certificate could look like this:

C:/WINNT/System32/cmd.exe


C:/>openssl ocsp -host ocsp.openvalidation.org:80 -issuer RootCAcert.pem -VAfile OCSPServer.pem -cert User.pem

Response verify OK
User.pem: good
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GM

 

Or e.g. an openssl status request and the answer with known serial number of a revoked test certificate could look like this:

C:/WINNT/System32/cmd.exe


C:/>openssl ocsp -host ocsp.openvalidation.org:8090 -issuer RootCAcert.pem -VAfile OCSPServer.pem -serial 03

Response verify OK
03: revoked
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GMT
Revocation Time: Aug 17 10:10:39 2001 GM

 

These openssl request will only work with the newest release of openssl.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值