{"id":42,"date":"2012-03-20T20:33:44","date_gmt":"2012-03-21T04:33:44","guid":{"rendered":"http:\/\/rmhrisk.wpengine.com\/?p=42"},"modified":"2014-04-25T12:53:40","modified_gmt":"2014-04-25T20:53:40","slug":"how-to-do-ocsp-requests-using-openssl-and-curl","status":"publish","type":"post","link":"https:\/\/unmitigatedrisk.com\/?p=42","title":{"rendered":"How to do OCSP requests using OpenSSL and CURL"},"content":{"rendered":"

 <\/p>\n

It pretty easy, the OpenSSL and CURL manuals make it fairly easy but I thought I would put it all here in a single post for you.<\/p>\n

First in these examples I used the certificates from the http:\/\/www.globalsign.com<\/a> site, I saved the www certificate to globalsignssl.crt and its issuer to globalsignssl.crt.<\/p>\n

Next you will find a series of commands used to generate both POSTs and GETs for OCSP:<\/p>\n

1. Create a OCSP request to work with, this also will produce a POST to the OCSP responder<\/p>\n

openssl ocsp -noverify -no_nonce -respout ocspglobalsignca.resp -reqout ocspglobalsignca.req -issuer globalsigng2.cer -cert globalsign.com.cer -url \"http:\/\/ocsp2.globalsign.com\/gsextendvalg2\" -header \"HOST\" \"ocsp2.globalsign.com\" -text<\/pre>\n
2. Base64 encode the DER encoded OCSP request<\/p>\n
\n
openssl enc -in ocspglobalsignca.req -out ocspglobalsignca.req.b64 -a<\/pre>\n<\/div>\n
3. URL Encode the Base64 blob after removing any line breaks (see:\u00a0http:\/\/meyerweb.com\/eric\/tools\/dencoder\/ for a decoder)<\/p>\n
4. Copy the Base64 into the URL you will use in your GET<\/p>\n
\n
http:\/\/ocsp2.globalsign.com\/gsextendvalg2\/{URL encoded Base64 Here}<\/pre>\n<\/div>\n
5. Do your GET:<\/p>\n
curl --verbose --url http:\/\/ocsp2.globalsign.com\/gsextendvalg2\/MFMwUTBPME0wSzAJBgUrDgMCGgUABBSgcg6ganxiAlTyqPWd0nuk87cvpAQUsLBK%2FRx1KPgcYaoT9vrBkD1rFqMCEhEhD0Xjo%2FV7lgq3ziGoWG69rA%3D%3D<\/pre>\n
 <\/p>\n
If you like you can also re-play the request that was generated with OpenSSL as a POST:<\/p>\n
curl --verbose --data-binary\u00a0 @ocspglobalsignca.req -H \"Content-Type:application\/ocsp-request\" --url http:\/\/ocsp2.globalsign.com\/gsextendvalg2<\/pre>\n","protected":false},"excerpt":{"rendered":"
  It pretty easy, the OpenSSL and CURL manuals make it fairly easy but I thought I would put it all here in a single post for you. First in these examples I used the certificates from the http:\/\/www.globalsign.com site, I saved the www certificate to globalsignssl.crt and its issuer to globalsignssl.crt. Next you will […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3,4],"tags":[25,24,19],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-security","category-thoughts","tag-ocsp","tag-revocation","tag-x509"],"_links":{"self":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42"}],"version-history":[{"count":0,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/42\/revisions"}],"wp:attachment":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}