In OCSP stapling:
1. A web server requests and obtains a signed OCSP response for its certificate from an OCSP responder; the response can be cached for up to 7 days.
2. The server includes the cached OCSP response along with (or “stapled to”) its certificate in its HTTPS responses to web browsers.
3.
Apache Tomcat will query an OCSP responder server to get the certificate status. When testing, an easy way to create an OCSP responder is by executing the following:

    openssl ocsp -port 127.0.0.1:8088 \
        -text -sha256 -index index.txt \
        -CA ca-chain.cert.pem -rkey ocsp-cert.key \
        -rsigner ocsp-cert.crt

Do note that when using OCSP, the responder

Free Time Stamp Authority

    # NTP Server: freetsa.org (IPv4 / IPv6)
    $ ntpdate freetsa.org
    # NOTE: Freetsa offers DoT on port 853. DNSCrypt was a previous alternative to DoT implementation, but can still be used if desired.
    # DNSCRYPT Server parameters.

X.509 Certificate Revocation Checking Using OCSP protocol

6. OCSP Server Set-Up. Start the OCSP server by specifying the host and port indicated in openssl.cnf (see section 1. Download and Set Up openssl. To make things simple we'll start the OCSP server on the same machine as Oracle WebLogic Server, although you can start on a different host after installing openssl and copying the certificate to

OpenCA Research Labs - Home Page

The OpenCA OCSPD project aims to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions, as it does not depend on a specific database scheme. Furthermore, it can be used as a responder for multiple CAs.
Sep 24, 2019
OpenSSL includes an option to run as an OCSP server that can respond to OCSP queries. Note that OCSP is preferred over CRLs. Usually, it is a good idea to make sure that an OCSP server is running for your CA, particularly if the OCSP URL appears in your configuration, as this URL is included in each certificate that is signed by the CA.
The OCSP server has no status for the certificate
SSL/TLS Strong Encryption: How-To - Apache HTTP Server