OCSP – Page 6 – WindowsTechs.com

Can’t request ocsp status with chain of certificates

Posted on March 24, 2017 by BjornMelgaard

I have deployed basic ocsp server from OpenSSl Cookbook by Ivan Ristic page 44 with following command

$ openssl ocsp -port 9080 -index db/index -rsigner root-ocsp.crt -rkey private/root-ocsp.key -CA root-ca.crt -text

Certs… Continue reading Can’t request ocsp status with chain of certificates→

Is the use of regular OCSP or OCSP stapling a privacy risk?

Posted on March 16, 2017 by Kevin Morssink

Is the use of regular OCSP or OCSP stapling a privacy risk? Since a request is sent (in each handshake) to an (external) OCSP Responder.

The OCSP responder can potentially register a load of metadata.

Continue reading Is the use of regular OCSP or OCSP stapling a privacy risk?→

What is the exact difference between OCSP and OCSP stapling?

Posted on February 21, 2017 by Kevin Morssink

What is the exact difference between the Online Certificate Status Protocol (OCSP) and OCSP stapling, which seems to be “…an alternative approach to the Online Certificate Status Protocol (OCSP)”?

Continue reading What is the exact difference between OCSP and OCSP stapling?→

What is the exact difference between regular OCSP and OCSP stapling?

Posted on February 21, 2017 by Kevin Morssink

Continue reading What is the exact difference between regular OCSP and OCSP stapling?→

Can an OCSP response be issued by a subca of the Root CA that has issued the certificate?

Posted on January 9, 2017 by pedrofb

Is this Public Key Infraestructure possible according with the RFC 6960 Online Certificate Status Protocol – OCSP, Authorized Responders?

OCSP response for Cert is signed with a certificate issued by Sub CA 2.

Reading th… Continue reading Can an OCSP response be issued by a subca of the Root CA that has issued the certificate?→

Combining OCSP Stapling and manual OCSP request from client

Posted on January 3, 2017 by shanzter

Currently, I have an implementation where I send an OCSP request in the verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) function for every intermediate and end-entity certificate. The verify_callback function is s… Continue reading Combining OCSP Stapling and manual OCSP request from client→

OCSP from branch office to central office

Posted on November 29, 2016 by Ti.

Our firm wants to validate certificates using OCSP in its branch offices.
However, when the OCSP responder as defined in the certificate is down, they want to fallback on CRLs, which is the right thing to do imo.

So, because… Continue reading OCSP from branch office to central office→

OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack

Posted on September 23, 2016 by Michael Mimoso

OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack. Continue reading OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack→

Is there an imbalance of issuer and responders in OCSP verification?

Posted on August 16, 2016 by Pawel Veselov

I’m trying out OCSP verification, and I’m not sure I’m following all that’s going on.

The requester can send 1-N certificate IDs, each has issuer hashes/serial no. The responder generates the counter-list, where for each requested item, t… Continue reading Is there an imbalance of issuer and responders in OCSP verification?→

OCSP recording with JMeter

Posted on April 14, 2016 by gul

How can I record an application which is using OCSP security with the help of JMeter?

I am not able to record the application i.e. a native app with the help of JMeter as it is using OCSP protocol for security.

Continue reading OCSP recording with JMeter→