Hello.

I am trying to set up an ocsp server.

I have the following line:

openssl ocsp -index codesign_intermediate/index.txt -url
http://www.myhost.com:8888/codesign/ -rsigner root_ca/certs/cacert.crt -rkey
root_ca/private/privkey.pem -CA root_ca/certs/cacert.crt -text -out
codesign_intermediate/ocsp.txt

When I start the bash script, I get the following line:

Waiting for OCSP client connections...

Ok, then I tried to open the ocsp connection (to test if it's answering)
using web-sniffer.net. An HTTP-200 response with 5 bytes arrives. (Of course,
this isn't a valid ocsp request).

Anyway, OpenSSL crashed now and says:

Invalid request

The OCSP-Daemon is stopped! (A second request isn't possible!)

I tried to start the daemon again, but now I get

18758:error:02006062:system library:bind:Address already in
use:b_sock.c:685:port='8888'
18758:error:20069075:BIO routines:BIO_get_accept_socket:unable to bind
socket:b_sock.c:687:

I cannot use this port a second time.

My questions are:

1) What am I doing wrong? Why is the daemon terminating just because of this
"request"?
2) Why is the port 8888 blocked now? How can I undo it?
3) How do I have to proceed when I have a Root-CA and an Intermediate-CA and
both should use OCSP? Should both get different ports?
4) How can I add the OCSP URL to the root and intermediate certificates? (I
use the subprograms req + ca)

Regards
Daniel Marschall
