Posted by & filed under Security, Thoughts.


It pretty easy, the OpenSSL and CURL manuals make it fairly easy but I thought I would put it all here in a single post for you.

First in these examples I used the certificates from the site, I saved the www certificate to globalsignssl.crt and its issuer to globalsignssl.crt.

Next you will find a series of commands used to generate both POSTs and GETs for OCSP:

1. Create a OCSP request to work with, this also will produce a POST to the OCSP responder

openssl ocsp -noverify -no_nonce -respout ocspglobalsignca.resp -reqout ocspglobalsignca.req -issuer globalsigng2.cer -cert -url "" -header "HOST" "" -text

2. Base64 encode the DER encoded OCSP request

openssl enc -in ocspglobalsignca.req -out ocspglobalsignca.req.b64 -a

4. URL Encode the Base64 blob after removing any line breaks (see: for a decoder)

5. Copy the Base64 into the URL you will use in your GET{URL encoded Base64 Here}

6. Do your GET:

curl --verbose --url


If you like you can also re-play the request that was generated with OpenSSL as a POST:

curl --verbose --data-binary  @ocspglobalsignca.req -H "Content-Type:application/ocsp-request" --url

2 Responses to “How to do OCSP requests using OpenSSL and CURL”

Leave a Reply

  • (will not be published)