OpenSSL ocsp command

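I. Introduction

ocsp, the Online Certificate Status Protocol command, can perform many OCSP tasks. It can be used to print request files and response files.

II. Syntax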

openssl ocsp [-out file] [-issuer file] [-cert file] [-serial num] [-signer file] [-signkey file]
[-sign_other file] [-no_certs] [-req_text] [-resp_text] [-text] [-reqout file] [-respout file]
[-reqin file] [-respin file] [-nonce] [-no_nonce] [-url URL] [-host host:n] [-path] [-CApath dir]
[-CAfile file] [-VAfile file] [-validity_period n] [-status_age n] [-noverify] [-verify_other file]
[-trust_other] [-no_intern] [-no_signature_verify] [-no_cert_verify] [-no_chain] [-no_cert_checks]
[-port num] [-index file] [-CA file] [-rsigner file] [-rkey file] [-rother file] [-resp_no_certs] [-nmin n]
[-ndays n] [-resp_key_id] [-nrequest n]

Options

-out file            output filename
-issuer file         issuer certificate
-cert file           certificate to check
-serial n            serial number to check
-signer file         certificate to sign OCSP request with
-signkey file        private key to sign OCSP request with
-sign_other file     additional certificates to include in signed request
-no_certs            don't include any certificates in signed request
-req_text            print text form of request
-resp_text           print text form of response
-text                print text form of request and response
-reqout file         write DER encoded OCSP request to "file"
-respout file        write DER encoded OCSP response to "file"
-reqin file          read DER encoded OCSP request from "file"
-respin file         read DER encoded OCSP response from "file"
-nonce               add OCSP nonce to request
-no_nonce            don't add OCSP nonce to request
-url URL             OCSP responder URL
-host host:n         send OCSP request to host on port n
-path                path to use in OCSP request
-CApath dir          trusted certificates directory
-CAfile file         trusted certificates file
-trusted_first       use trusted certificates first when building the trust chain
-VAfile file         validator certificates file
-validity_period n   maximum validity discrepancy in seconds
-status_age n        maximum status age in seconds
-noverify            don't verify response at all
-verify_other file   additional certificates to search for signer
-trust_other         don't verify additional certificates
-no_intern           don't search certificates contained in response for signer
-no_signature_verify don't check signature on response
-no_cert_verify      don't check signing certificate
-no_chain            don't chain verify response
-no_cert_checks      don't do additional checks on signing certificate
-port num            port to run responder on
-index file          certificate status index file
-CA file             CA certificate
-rsigner file        responder certificate to sign responses with
-rkey file           responder key to sign responses with
-rother file         other certificates to include in response
-resp_no_certs       don't include any certificates in response
-nmin n              number of minutes before next update
-ndays n             number of days before next update
-resp_key_id         identify response by signing certificate key ID
-nrequest n          number of requests to accept (default unlimited)
-<dgst alg>          use specified digest in the request

III. Examples

1. Generate an OCSP request and write it to a file

openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
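
The request command above, carried through a complete offline round trip (request, signed response, verification) using only options from the list. This is an added example, not part of the original page; the throwaway CA, the serial numbers, the hand-written index.txt entries and the function name ocsp_demo are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: offline OCSP round trip against a throwaway demo CA.
# All file names, subjects, serials and dates below are constructed.
ocsp_demo() (
  set -e
  dir=$(mktemp -d); cd "$dir"
  # Demo CA (issuer.pem) and two leaf certificates, serials 0x1001 and 0x1002.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out issuer.pem \
    -subj "/CN=Demo CA" -days 30 2>/dev/null
  for n in 1 2; do
    openssl req -newkey rsa:2048 -nodes -keyout "c$n.key" -out "c$n.csr" \
      -subj "/CN=c$n" 2>/dev/null
    openssl x509 -req -in "c$n.csr" -CA issuer.pem -CAkey ca.key \
      -set_serial "0x100$n" -days 30 -out "c$n.pem" 2>/dev/null
  done
  # Status index in "openssl ca" format (tab separated):
  # flag, expiry, revocation time, serial, file name, subject.
  printf 'V\t350101000000Z\t\t1001\tunknown\t/CN=c1\n' > index.txt
  printf 'R\t350101000000Z\t240101000000Z\t1002\tunknown\t/CN=c2\n' >> index.txt
  # 1. Client: build the request for both certificates, with a nonce.
  openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -nonce -reqout req.der
  # 2. Responder: answer from the index and sign the response (no network).
  openssl ocsp -index index.txt -CA issuer.pem -rsigner issuer.pem -rkey ca.key \
    -reqin req.der -respout resp.der -ndays 1 2>/dev/null
  # 3. Client: check the response signature and that the nonce matches the request.
  if openssl ocsp -reqin req.der -respin resp.der -CAfile issuer.pem 2>&1 |
       grep -q 'Response verify OK'; then
    echo 'verify: OK'
  else
    echo 'verify: FAILED'
  fi
  # 4. Client: per-certificate status from the saved response. The request is
  #    rebuilt here, so -no_nonce avoids a mismatch with the nonce from step 1.
  openssl ocsp -no_nonce -issuer issuer.pem -cert c1.pem -cert c2.pem \
    -respin resp.der -CAfile issuer.pem 2>/dev/null | grep -E '^c[12]\.pem: '
  cd /; rm -rf "$dir"
)
```

Step 3 is the verification that -noverify skips entirely; a status read from a response that was never verified should not be trusted.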
Reference: http://blog.csdn.net/as3luyuan123/article/details/14906179
Time: 2024-10-23 11:21:01
