Hi!
Does anybody know of a tool to test OCSP responses? Preferably, something that can be used from a Windows Command-line and/or can be included (easily) in a Java/python program
+1
A:
The newpki client claims to be able to do that. http://www.newpki.org/
Alexey Feldgendler
2008-09-16 12:23:38
Thanks a lot, Alexey.The newpki client seems to be a bit more complex than I look for, as it's a full PKI admin tool
2008-09-16 15:46:04
+1
A:
Can you test it over HTTP as described in the specs in Appendix A? If so, then you can use any web test util. Since you mentioned Java, JMeter comes to mind. With JMeter, you can create your java code to do validation, etc and re-use it in your test cases.
Can you use something other than CMD line, such as a BASH script via Cygwin?
You'd still have to script some things to validate the test, perhaps using openssl?
curl http://some.ocsp.url/ > resp.der openssl ocsp -respin resp.der -text
See page http://www.ietf.org/rfc/rfc2560.txt
Dustin
2008-09-16 12:25:07
+1
A:
Looking a bit more, I think I've found some answers:
a) OpenSSL at the rescue:
openssl ocsp -whatever
For more info, http://www.openssl.org/docs/apps/ocsp.html
b) http://www.openvalidation.org/ is another way of testing a cert. And via its links, I got to:
- http://security.polito.it/tools/ocsp/
- Ascertia OCSP Client tool (http://www.ascertia.com/products/ocsptool/)
- Ascertia OCSP Crusher tool (an OCSP load generator) (http://www.ascertia.com/products/ocspCrusher/)
Thanks to all the answers!
JJarava
2008-09-16 14:32:40
A:
Here is a good ressource to have a simple OCSP Client or OCSP Responder with OpenSSL : http://backreference.org/2010/05/09/ocsp-verification-with-openssl/
ohe
2010-10-11 21:53:18