Hi!
Does anybody know of a tool to test OCSP responses? Preferably, something that can be used from a Windows Command-line and/or can be included (easily) in a Java/python program
Hi!
Does anybody know of a tool to test OCSP responses? Preferably, something that can be used from a Windows Command-line and/or can be included (easily) in a Java/python program
The newpki client claims to be able to do that. http://www.newpki.org/
Can you test it over HTTP as described in the specs in Appendix A? If so, then you can use any web test util. Since you mentioned Java, JMeter comes to mind. With JMeter, you can create your java code to do validation, etc and re-use it in your test cases.
Can you use something other than CMD line, such as a BASH script via Cygwin?
You'd still have to script some things to validate the test, perhaps using openssl?
curl http://some.ocsp.url/ > resp.der openssl ocsp -respin resp.der -text
See page http://www.ietf.org/rfc/rfc2560.txt
Looking a bit more, I think I've found some answers:
a) OpenSSL at the rescue:
openssl ocsp -whatever
For more info, http://www.openssl.org/docs/apps/ocsp.html
b) http://www.openvalidation.org/ is another way of testing a cert. And via its links, I got to:
Thanks to all the answers!
Here is a good ressource to have a simple OCSP Client or OCSP Responder with OpenSSL : http://backreference.org/2010/05/09/ocsp-verification-with-openssl/