It's pretty easy; the OpenSSL and curl manuals make it fairly easy, but I thought I would put it all here in a single post for you.
First, in these examples I used the certificates from the http://www.globalsign.com site; I saved the www certificate to globalsignssl.crt and its issuer to globalsignssl.crt.
Below is the series of commands used to generate both POSTs and GETs for OCSP:
1. Create an OCSP request to work with; this will also produce a POST to the OCSP responder
openssl ocsp -noverify -no_nonce -respout ocspglobalsignca.resp -reqout ocspglobalsignca.req -issuer globalsigng2.cer -cert globalsign.com.cer -url "http://ocsp2.globalsign.com/gsextendvalg2" -header "HOST" "ocsp2.globalsign.com" -text
2. Base64-encode the DER-encoded OCSP request
openssl enc -in ocspglobalsignca.req -out ocspglobalsignca.req.b64 -a
4. URL-encode the Base64 blob (see: http://meyerweb.com/eric/tools/dencoder/)
5. Copy the URL-encoded Base64 into the URL you will use in your GET
http://ocsp2.globalsign.com/gsextendvalg2/{URL encoded Base64 Here}
6. Do your GET:
curl --verbose --url http://ocsp2.globalsign.com/gsextendvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBSgcg6ganxiAlTyqPWd0nuk87cvpAQUsLBK%2FRx1KPgcYaoT9vrBkD1rFqMCEhEhD0Xjo%2FV7lgq3ziGoWG69rA%3D%3D
If you like you can also re-play the request that was generated with OpenSSL as a POST:
curl --verbose --data-binary @ocspglobalsignca.req -H "Content-Type:application/ocsp-request" --url http://ocsp2.globalsign.com/gsextendvalg2
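The Base64 and URL-encoding steps can be scripted instead of pasting the blob into a web-based encoder. The script below is an added example, not part of the original post: the function names urlencode_b64, ocsp_get_url and demo are hypothetical, and the 255-byte check follows the GET size threshold from RFC 5019, which the post does not discuss.

```shell
#!/usr/bin/env bash
# Added example: build the OCSP GET URL (steps 2-5) from a DER request file.

# Percent-encode a single-line Base64 string read from stdin. The Base64
# alphabet is A-Z a-z 0-9 + / =, so only those three symbols need escaping.
urlencode_b64() {
    sed -e 's/+/%2B/g' -e 's|/|%2F|g' -e 's/=/%3D/g'
}

# ocsp_get_url RESPONDER_URL REQUEST_FILE
# Prints the GET URL. Returns 2 when the URL exceeds 255 bytes, the size up
# to which RFC 5019 has clients use GET; larger requests should be POSTed.
ocsp_get_url() {
    local responder="${1%/}" req_file="$2" b64 url
    [ -s "$req_file" ] || { echo "empty or missing request: $req_file" >&2; return 1; }
    # Base64 encoders wrap long output and this request encodes to 116
    # characters, so strip the line breaks before percent-encoding.
    b64=$(base64 < "$req_file" | tr -d '\r\n')
    url="$responder/$(printf '%s' "$b64" | urlencode_b64)"
    if [ "${#url}" -gt 255 ]; then
        echo "URL is ${#url} bytes; send this request as a POST" >&2
        return 2
    fi
    printf '%s\n' "$url"
}

# Demo input: the request bytes recovered from the GET URL shown in step 6,
# so the script runs offline without the certificate files.
page_request_b64='MFMwUTBPME0wSzAJBgUrDgMCGgUABBSgcg6ganxiAlTyqPWd0nuk87cvpAQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMCEhEhD0Xjo/V7lgq3ziGoWG69rA=='

demo() {
    local tmp
    tmp=$(mktemp)
    printf '%s' "$page_request_b64" | base64 -d > "$tmp"
    ocsp_get_url "http://ocsp2.globalsign.com/gsextendvalg2" "$tmp"
    rm -f "$tmp"
}
demo
```

With the request file from step 1, the printed URL can be passed straight to curl: `curl --verbose --url "$(ocsp_get_url http://ocsp2.globalsign.com/gsextendvalg2 ocspglobalsignca.req)"`.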