howto make the OCSP certificate.

This is the section I added to my openssl.cnf file.

[ ocsp_cert ]
# These extensions are added when 'ca' signs a request for an OCSP responder.
basicConstraints=CA:FALSE
extendedKeyUsage        = OCSP Signing
noCheck = yes
...

Then as my other post said:
add "-extensions ocsp_cert" on the "openssl ca" command to generate 
the cert.

The document I referred to is the standard OpenSSL doc from the site:
http://www.openssl.org/docs/apps/openssl.html

This one is good, and recently updated, but never mentions "OCSP Signing" 
and that is what you need to make the OCSP cert. It does mention noCheck, 
which I also use.
http://www.openssl.org/docs/apps/x509v3_config.html#

And the OCSP doc:
http://www.openssl.org/docs/apps/ocsp.html#
Warning: There are a couple of minor mistakes on this page - but you 
should be able to figure it out.
This mentions "OCSPSigning" (without the space - don't try that in the .cnf 
file!) but it won't tell you how to make the OCSP cert.

Last is the CA doc:
http://www.openssl.org/docs/apps/ca.html#

PS. I use this OCSP very successfully for testing purposes. It is very 
lightweight and works, so it is worth the effort! You can certainly learn a 
lot about OCSP responders from using this one.

Regards,

Simon McMahon




"Sowjanya Malika" <[EMAIL PROTECTED]> 
12/06/2006 10:21 PM

To: Simon McMahon/Australia/Contr/[EMAIL PROTECTED]
cc:
Subject: ocsp responder certificate generation documentation( reg)

Hi,
   I have gone through your mail regarding "ocsp responder certificate 
generation documentation". 
I just wanted to know about OCSP and I would like to have the document. Is 
it confidential? If not, please send it to me.
 
 
thanks in advance,
Sowjanya

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
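
Added example (not part of the original mail or of the OpenSSL documentation): the two steps described above, run end to end against a throwaway test CA, followed by a check that the issued certificate really carries the OCSP Signing EKU, the OCSP No Check extension and CA:FALSE. The [ test_ca ], [ policy_any ] and [ v3_ca ] sections, the subject names and the file names are constructed for this example; only [ ocsp_cert ] and "-extensions ocsp_cert" come from the mail.

```shell
# make_ocsp_cert DIR: build a constructed test CA in DIR and issue an OCSP responder cert.
make_ocsp_cert() {
    dir=$1
    mkdir -p "$dir/newcerts" && : > "$dir/index.txt" && echo 01 > "$dir/serial" || return 1
    cat > "$dir/openssl.cnf" <<EOF || return 1
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = overridden by -subj
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ ocsp_cert ]
# Section from the mail: extensions added when 'ca' signs an OCSP responder request.
basicConstraints = CA:FALSE
extendedKeyUsage = OCSP Signing
noCheck = yes
EOF
    # Self-signed test CA (constructed subject name).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/openssl.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" || return 1
    # Key and request for the responder, then sign it with the ocsp_cert extensions.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
        -subj "/CN=Constructed OCSP Responder" \
        -keyout "$dir/ocsp.key" -out "$dir/ocsp.csr" || return 1
    openssl ca -batch -notext -config "$dir/openssl.cnf" -extensions ocsp_cert \
        -in "$dir/ocsp.csr" -out "$dir/ocsp.crt" || return 1
}

# check_ocsp_cert CERT: succeed only if CERT has all three responder extensions.
check_ocsp_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    for want in "OCSP Signing" "OCSP No Check" "CA:FALSE"; do
        printf '%s\n' "$text" | grep -q "$want" || return 1
    done
}
# Usage: d=$(mktemp -d) && make_ocsp_cert "$d" && check_ocsp_cert "$d/ocsp.crt" && echo OK
```

Because noCheck tells clients not to check the responder certificate's own revocation status, keeping its lifetime short (30 days in this test setup) limits how long a compromised responder key stays trusted.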
