OCSP 测试服务器

最新推荐文章于 2025-07-09 16:49:39 发布

原创最新推荐文章于 2025-07-09 16:49:39 发布 · 4.7k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#测试 #application #processing #download #服务器 #testing

CA & OCSP 专栏收录该内容

29 篇文章

订阅专栏

OpenValidation.org提供了一种服务，允许开发者通过其Responder Service测试OCSP启用的客户端应用功能。开发者可以下载必要的证书，并配置应用向OpenValidation.org OCSP Responder发送状态请求，以测试各种可能的响应情况。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

需要寻找一个OCSP测试服务器，今天找到一个，以下为简介：
想请参照：http://www.openvalidation.org/useocspservicenew.htm

How to test client applications with OpenValidation.org

Developers can use the OpenValidation.org Responder Service to test the functionality of their OCSP-enabled client applications. OpenValidation.org provides certificates with known status and several virtual hosts to enable developers to test their OCSP clients extensively with a professional OCSP Responder.

To test an OCSP client application it is neccessary to download the OpenValidation RootCA certificate, OCSP Responder certificate and test certificates (with known status).

Configure your client application to send certificate staus requests to the OpenValidation.org OCSP Responder (http://ocsp.openvalidation.org). We provide several virtual hosts with different OCSP Responder configuration to allow testing with full range of possible responses.

Virtual Hosts at http://ocsp.openvalidation.org:

Port: 80	Standard configuration. OCSP Responder will accept all proper requests and send a signed response.
Port: 8080	Response does not contain any attached certificates. Client must accept this response
Port: 8081	Never replies nonce. Insecure but standard conform mode. Client application should warn in case of replay-attacks
Port: 8082	The OCSP Responder will sign the response with randomized bytecode. Client should NOT accept this response.
Port: 8083	OCSP response will always be *revoked*.
Port: 8084	OCSP response will always be *unknown*.
Port: 8085	OCSP response will always be *malformed*.
Port: 8086	OCSP response will always be *internal error*.
Port: 8087	OCSP response will always be *try later*.
Port: 8088	OCSP response will always be *signature required*.
Port: 8089	OCSP response will always be *unauth*.
Port: 8090	Standard configuration with full Debuglogs. Debuglogs are visible at http://www.openvalidation.org/debug.php

Here you can find detailed information about processing certificate status requests with openssl.

E.g. an openssl status request and the answer with a valid test certificate could look like this:

C:/WINNT/System32/cmd.exe

C:/>openssl ocsp -host ocsp.openvalidation.org:80 -issuer RootCAcert.pem -VAfile OCSPServer.pem -cert User.pem
Response verify OK
User.pem: good
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GM

Or e.g. an openssl status request and the answer with known serial number of a revoked test certificate could look like this:

C:/WINNT/System32/cmd.exe

C:/>openssl ocsp -host ocsp.openvalidation.org:8090 -issuer RootCAcert.pem -VAfile OCSPServer.pem -serial 03
Response verify OK
03: revoked
This Update: Aug 17 10:12:03 2001 GMT
Next Update: Aug 16 10:12:03 2006 GMT
Revocation Time: Aug 17 10:10:39 2001 GM

These openssl request will only work with the newest release of openssl.