# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Scenario OCSPD: a three-level test PKI (one root, three intermediate CAs,
# end-entity certs under each) covering good, revoked and undeterminable
# revocation states. Every CA entity here sets export_key, and the "Server"
# DB at the end of this file pulls those keys in with import_key.
scenario OCSPD
#root CA
# Trust anchor of the scenario: both DBs below import it with CT,C,C trust.
entity OCSPRoot
type Root
export_key
#CA - OK
# Serial 1 under OCSPRoot is not listed in "crl OCSPRoot", so this CA is good.
entity OCSPCA1
type Intermediate
issuer OCSPRoot
serial 1
ocsp online
export_key
#CA - revoked
# Serial 2 under OCSPRoot is the one entry in "crl OCSPRoot" below; that
# entry is what makes this CA revoked.
entity OCSPCA2
type Intermediate
issuer OCSPRoot
serial 2
ocsp online
export_key
#CA - unknown status
# Differs from OCSPCA1 only by "ocsp offline"; later comments in this file
# call that "pointing to invalid OCSP". Presumably the responder location in
# the cert cannot be reached, so no status is obtainable - confirm against
# the scenario runner.
entity OCSPCA3
type Intermediate
issuer OCSPRoot
serial 3
ocsp offline
export_key
# End-entity certs. Names are OCSPEE<ca><n>: the first digit is the issuing
# CA (1, 2 or 3), the second is the serial under that CA. Whether a serial is
# revoked is decided by the "crl"/"revoke" entries further down, not by
# anything in the entity itself.
#EE - OK
# Serial 1 is not listed in "crl OCSPCA1".
entity OCSPEE11
type EE
issuer OCSPCA1
serial 1
ocsp online
#EE - revoked on OCSP
# Serial 2 is listed in "crl OCSPCA1" below.
entity OCSPEE12
type EE
issuer OCSPCA1
serial 2
ocsp online
#EE - revoked on CRL
# NOTE(review): serial 3 is not listed in "crl OCSPCA1" in this file, so as
# defined here this cert looks unrevoked. The "revoked on CRL" state is
# presumably produced elsewhere (e.g. by the test that uses it) - confirm.
entity OCSPEE13
type EE
issuer OCSPCA1
serial 3
ocsp online
#EE - revoked on OCSP and CRL
# Serial 4 is listed in "crl OCSPCA1" below.
entity OCSPEE14
type EE
issuer OCSPCA1
serial 4
ocsp online
#EE - unknown status
# Not revoked (serial 5 is in no CRL); the unknown status comes from
# "ocsp offline". Useful for checking what a verifier does when it cannot
# obtain revocation status for the cert at all.
entity OCSPEE15
type EE
issuer OCSPCA1
serial 5
ocsp offline
#EE - valid EE, revoked CA
# The leaf is good (serial 1 is not in "crl OCSPCA2") but its issuer OCSPCA2
# is revoked by "crl OCSPRoot". A verifier that checks revocation only for
# the leaf would accept this chain.
entity OCSPEE21
type EE
issuer OCSPCA2
serial 1
ocsp online
#EE - revoked EE, revoked CA
# Serial 2 is listed in "crl OCSPCA2" below.
entity OCSPEE22
type EE
issuer OCSPCA2
serial 2
ocsp online
#EE - revoked EE, CA pointing to invalid OCSP
# NOTE(review): the comment above does not match the definitions. The issuer
# OCSPCA2 is declared "ocsp online" and is the revoked CA; it is this EE that
# is "ocsp offline". Serial 3 is listed in "crl OCSPCA2". Probably meant:
# revoked EE pointing to invalid OCSP, revoked CA - confirm.
entity OCSPEE23
type EE
issuer OCSPCA2
serial 3
ocsp offline
#EE - valid EE, CA pointing to invalid OCSP
# Serial 1 is not in "crl OCSPCA3"; the issuer OCSPCA3 is "ocsp offline".
entity OCSPEE31
type EE
issuer OCSPCA3
serial 1
ocsp online
#EE - revoked EE, CA pointing to invalid OCSP
# Serial 2 is listed in "crl OCSPCA3" below.
entity OCSPEE32
type EE
issuer OCSPCA3
serial 2
ocsp online
#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
# NOTE(review): serial 3 is also listed in "crl OCSPCA3" below, so this cert
# is revoked as well, which the comment above does not say.
entity OCSPEE33
type EE
issuer OCSPCA3
serial 3
ocsp offline
# Revocation data, one CRL per CA. Each "revoke <CA>" / "serial <n>" pair
# adds one entry for a cert issued by that CA. Matched against the entities
# above by issuer and serial:
#   OCSPRoot: 2    -> OCSPCA2
#   OCSPCA1:  2, 4 -> OCSPEE12, OCSPEE14
#   OCSPCA2:  2, 3 -> OCSPEE22, OCSPEE23
#   OCSPCA3:  2, 3 -> OCSPEE32, OCSPEE33
# The httpserv example further down loads one .crl file per CA (-C), so these
# CRLs appear to be the responder's source of revocation status.
crl OCSPRoot
revoke OCSPRoot
serial 2
crl OCSPCA1
revoke OCSPCA1
serial 2
revoke OCSPCA1
serial 4
crl OCSPCA2
revoke OCSPCA2
serial 2
revoke OCSPCA2
serial 3
crl OCSPCA3
revoke OCSPCA3
serial 2
revoke OCSPCA3
serial 3
# Used for running a single OCSP server (httpserv) instance that can
# handle multiple CAs, e.g.:
# httpserv -p 8641 -d . -f dbpasswd \
# -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
# -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
#
# This DB receives the private keys of the root and of all three intermediate
# CAs (the import_key lines), presumably so the responder can sign status
# answers as each CA. Anyone who can read this DB and its password file can
# issue certs and sign responses for the whole hierarchy, so the DB is a test
# fixture only: these keys must never back a hierarchy that anything trusts
# outside the test run.
# Only OCSPRoot is imported as a cert; CT,C,C are its trust flags for
# SSL, S/MIME and object signing.
db Server
import OCSPRoot::CT,C,C
import_key OCSPRoot
import_key OCSPCA1
import_key OCSPCA2
import_key OCSPCA3
# A DB containing all certs, but no keys.
# Useful for manual OCSP client testing, e.g.:
# ocspclnt -d . -S OCSPEE12OCSPCA1 -u s
#
# Only OCSPRoot is imported with trust flags (CT,C,C). Every intermediate and
# EE is imported with the trust field left empty ("::"), so those certs can
# validate only by chaining to OCSPRoot. There are no import_key lines, so no
# private key lands in this DB.
# Imported names are the entity name followed by its issuer's name,
# e.g. OCSPEE12OCSPCA1 is OCSPEE12 as issued by OCSPCA1.
db Client
import OCSPRoot::CT,C,C
import OCSPCA1OCSPRoot::
import OCSPCA2OCSPRoot::
import OCSPCA3OCSPRoot::
import OCSPEE11OCSPCA1::
import OCSPEE12OCSPCA1::
import OCSPEE13OCSPCA1::
import OCSPEE14OCSPCA1::
import OCSPEE15OCSPCA1::
import OCSPEE21OCSPCA2::
import OCSPEE22OCSPCA2::
import OCSPEE23OCSPCA2::
import OCSPEE31OCSPCA3::
import OCSPEE32OCSPCA3::
import OCSPEE33OCSPCA3::