1=pod 2 3=head1 NAME 4 5openssl-ocsp, 6ocsp - Online Certificate Status Protocol utility 7 8=head1 SYNOPSIS 9 10B<openssl> B<ocsp> 11[B<-help>] 12[B<-out file>] 13[B<-issuer file>] 14[B<-cert file>] 15[B<-serial n>] 16[B<-signer file>] 17[B<-signkey file>] 18[B<-sign_other file>] 19[B<-no_certs>] 20[B<-req_text>] 21[B<-resp_text>] 22[B<-text>] 23[B<-reqout file>] 24[B<-respout file>] 25[B<-reqin file>] 26[B<-respin file>] 27[B<-nonce>] 28[B<-no_nonce>] 29[B<-url URL>] 30[B<-host host:port>] 31[B<-multi process-count>] 32[B<-header>] 33[B<-path>] 34[B<-CApath dir>] 35[B<-CAfile file>] 36[B<-no-CAfile>] 37[B<-no-CApath>] 38[B<-attime timestamp>] 39[B<-check_ss_sig>] 40[B<-crl_check>] 41[B<-crl_check_all>] 42[B<-explicit_policy>] 43[B<-extended_crl>] 44[B<-ignore_critical>] 45[B<-inhibit_any>] 46[B<-inhibit_map>] 47[B<-no_check_time>] 48[B<-partial_chain>] 49[B<-policy arg>] 50[B<-policy_check>] 51[B<-policy_print>] 52[B<-purpose purpose>] 53[B<-suiteB_128>] 54[B<-suiteB_128_only>] 55[B<-suiteB_192>] 56[B<-trusted_first>] 57[B<-no_alt_chains>] 58[B<-use_deltas>] 59[B<-auth_level num>] 60[B<-verify_depth num>] 61[B<-verify_email email>] 62[B<-verify_hostname hostname>] 63[B<-verify_ip ip>] 64[B<-verify_name name>] 65[B<-x509_strict>] 66[B<-VAfile file>] 67[B<-validity_period n>] 68[B<-status_age n>] 69[B<-noverify>] 70[B<-verify_other file>] 71[B<-trust_other>] 72[B<-no_intern>] 73[B<-no_signature_verify>] 74[B<-no_cert_verify>] 75[B<-no_chain>] 76[B<-no_cert_checks>] 77[B<-no_explicit>] 78[B<-port num>] 79[B<-ignore_err>] 80[B<-index file>] 81[B<-CA file>] 82[B<-rsigner file>] 83[B<-rkey file>] 84[B<-rother file>] 85[B<-rsigopt nm:v>] 86[B<-resp_no_certs>] 87[B<-nmin n>] 88[B<-ndays n>] 89[B<-resp_key_id>] 90[B<-nrequest n>] 91[B<-I<digest>>] 92 93=head1 DESCRIPTION 94 95The Online Certificate Status Protocol (OCSP) enables applications to 96determine the (revocation) state of an identified certificate (RFC 2560). 97 98The B<ocsp> command performs many common OCSP tasks. It can be used 99to print out requests and responses, create requests and send queries 100to an OCSP responder and behave like a mini OCSP server itself. 101 102=head1 OPTIONS 103 104This command operates as either a client or a server. 105The options are described below, divided into those two modes. 106 107=head2 OCSP Client Options 108 109=over 4 110 111=item B<-help> 112 113Print out a usage message. 114 115=item B<-out filename> 116 117specify output filename, default is standard output. 118 119=item B<-issuer filename> 120 121This specifies the current issuer certificate. This option can be used 122multiple times. The certificate specified in B<filename> must be in 123PEM format. This option B<MUST> come before any B<-cert> options. 124 125=item B<-cert filename> 126 127Add the certificate B<filename> to the request. The issuer certificate 128is taken from the previous B<issuer> option, or an error occurs if no 129issuer certificate is specified. 130 131=item B<-serial num> 132 133Same as the B<cert> option except the certificate with serial number 134B<num> is added to the request. The serial number is interpreted as a 135decimal integer unless preceded by B<0x>. Negative integers can also 136be specified by preceding the value by a B<-> sign. 137 138=item B<-signer filename>, B<-signkey filename> 139 140Sign the OCSP request using the certificate specified in the B<signer> 141option and the private key specified by the B<signkey> option. If 142the B<signkey> option is not present then the private key is read 143from the same file as the certificate. If neither option is specified then 144the OCSP request is not signed. 145 146=item B<-sign_other filename> 147 148Additional certificates to include in the signed request. 149 150=item B<-nonce>, B<-no_nonce> 151 152Add an OCSP nonce extension to a request or disable OCSP nonce addition. 153Normally if an OCSP request is input using the B<reqin> option no 154nonce is added: using the B<nonce> option will force addition of a nonce. 155If an OCSP request is being created (using B<cert> and B<serial> options) 156a nonce is automatically added specifying B<no_nonce> overrides this. 157 158=item B<-req_text>, B<-resp_text>, B<-text> 159 160Print out the text form of the OCSP request, response or both respectively. 161 162=item B<-reqout file>, B<-respout file> 163 164Write out the DER encoded certificate request or response to B<file>. 165 166=item B<-reqin file>, B<-respin file> 167 168Read OCSP request or response file from B<file>. These option are ignored 169if OCSP request or response creation is implied by other options (for example 170with B<serial>, B<cert> and B<host> options). 171 172=item B<-url responder_url> 173 174Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. 175 176=item B<-host hostname:port>, B<-path pathname> 177 178If the B<host> option is present then the OCSP request is sent to the host 179B<hostname> on port B<port>. B<path> specifies the HTTP pathname to use 180or "/" by default. This is equivalent to specifying B<-url> with scheme 181http:// and the given hostname, port, and pathname. 182 183=item B<-header name=value> 184 185Adds the header B<name> with the specified B<value> to the OCSP request 186that is sent to the responder. 187This may be repeated. 188 189=item B<-timeout seconds> 190 191Connection timeout to the OCSP responder in seconds. 192On POSIX systems, when running as an OCSP responder, this option also limits 193the time that the responder is willing to wait for the client request. 194This time is measured from the time the responder accepts the connection until 195the complete request is received. 196 197=item B<-multi process-count> 198 199Run the specified number of OCSP responder child processes, with the parent 200process respawning child processes as needed. 201Child processes will detect changes in the CA index file and automatically 202reload it. 203When running as a responder B<-timeout> option is recommended to limit the time 204each child is willing to wait for the client's OCSP response. 205This option is available on POSIX systems (that support the fork() and other 206required unix system-calls). 207 208=item B<-CAfile file>, B<-CApath pathname> 209 210File or pathname containing trusted CA certificates. These are used to verify 211the signature on the OCSP response. 212 213=item B<-no-CAfile> 214 215Do not load the trusted CA certificates from the default file location 216 217=item B<-no-CApath> 218 219Do not load the trusted CA certificates from the default directory location 220 221=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, 222B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, 223B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, 224B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, 225B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, 226B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, 227B<-verify_ip>, B<-verify_name>, B<-x509_strict> 228 229Set different certificate verification options. 230See L<verify(1)> manual page for details. 231 232=item B<-verify_other file> 233 234File containing additional certificates to search when attempting to locate 235the OCSP response signing certificate. Some responders omit the actual signer's 236certificate from the response: this option can be used to supply the necessary 237certificate in such cases. 238 239=item B<-trust_other> 240 241The certificates specified by the B<-verify_other> option should be explicitly 242trusted and no additional checks will be performed on them. This is useful 243when the complete responder certificate chain is not available or trusting a 244root CA is not appropriate. 245 246=item B<-VAfile file> 247 248File containing explicitly trusted responder certificates. Equivalent to the 249B<-verify_other> and B<-trust_other> options. 250 251=item B<-noverify> 252 253Don't attempt to verify the OCSP response signature or the nonce 254values. This option will normally only be used for debugging since it 255disables all verification of the responders certificate. 256 257=item B<-no_intern> 258 259Ignore certificates contained in the OCSP response when searching for the 260signers certificate. With this option the signers certificate must be specified 261with either the B<-verify_other> or B<-VAfile> options. 262 263=item B<-no_signature_verify> 264 265Don't check the signature on the OCSP response. Since this option 266tolerates invalid signatures on OCSP responses it will normally only be 267used for testing purposes. 268 269=item B<-no_cert_verify> 270 271Don't verify the OCSP response signers certificate at all. Since this 272option allows the OCSP response to be signed by any certificate it should 273only be used for testing purposes. 274 275=item B<-no_chain> 276 277Do not use certificates in the response as additional untrusted CA 278certificates. 279 280=item B<-no_explicit> 281 282Do not explicitly trust the root CA if it is set to be trusted for OCSP signing. 283 284=item B<-no_cert_checks> 285 286Don't perform any additional checks on the OCSP response signers certificate. 287That is do not make any checks to see if the signers certificate is authorised 288to provide the necessary status information: as a result this option should 289only be used for testing purposes. 290 291=item B<-validity_period nsec>, B<-status_age age> 292 293These options specify the range of times, in seconds, which will be tolerated 294in an OCSP response. Each certificate status response includes a B<notBefore> 295time and an optional B<notAfter> time. The current time should fall between 296these two values, but the interval between the two times may be only a few 297seconds. In practice the OCSP responder and clients clocks may not be precisely 298synchronised and so such a check may fail. To avoid this the 299B<-validity_period> option can be used to specify an acceptable error range in 300seconds, the default value is 5 minutes. 301 302If the B<notAfter> time is omitted from a response then this means that new 303status information is immediately available. In this case the age of the 304B<notBefore> field is checked to see it is not older than B<age> seconds old. 305By default this additional check is not performed. 306 307=item B<-I<digest>> 308 309This option sets digest algorithm to use for certificate identification in the 310OCSP request. Any digest supported by the OpenSSL B<dgst> command can be used. 311The default is SHA-1. This option may be used multiple times to specify the 312digest used by subsequent certificate identifiers. 313 314=back 315 316=head2 OCSP Server Options 317 318=over 4 319 320=item B<-index indexfile> 321 322The B<indexfile> parameter is the name of a text index file in B<ca> 323format containing certificate revocation information. 324 325If the B<index> option is specified the B<ocsp> utility is in responder 326mode, otherwise it is in client mode. The request(s) the responder 327processes can be either specified on the command line (using B<issuer> 328and B<serial> options), supplied in a file (using the B<reqin> option) 329or via external OCSP clients (if B<port> or B<url> is specified). 330 331If the B<index> option is present then the B<CA> and B<rsigner> options 332must also be present. 333 334=item B<-CA file> 335 336CA certificate corresponding to the revocation information in B<indexfile>. 337 338=item B<-rsigner file> 339 340The certificate to sign OCSP responses with. 341 342=item B<-rother file> 343 344Additional certificates to include in the OCSP response. 345 346=item B<-resp_no_certs> 347 348Don't include any certificates in the OCSP response. 349 350=item B<-resp_key_id> 351 352Identify the signer certificate using the key ID, default is to use the 353subject name. 354 355=item B<-rkey file> 356 357The private key to sign OCSP responses with: if not present the file 358specified in the B<rsigner> option is used. 359 360=item B<-rsigopt nm:v> 361 362Pass options to the signature algorithm when signing OCSP responses. 363Names and values of these options are algorithm-specific. 364 365=item B<-port portnum> 366 367Port to listen for OCSP requests on. The port may also be specified 368using the B<url> option. 369 370=item B<-ignore_err> 371 372Ignore malformed requests or responses: When acting as an OCSP client, retry if 373a malformed response is received. When acting as an OCSP responder, continue 374running instead of terminating upon receiving a malformed request. 375 376=item B<-nrequest number> 377 378The OCSP server will exit after receiving B<number> requests, default unlimited. 379 380=item B<-nmin minutes>, B<-ndays days> 381 382Number of minutes or days when fresh revocation information is available: 383used in the B<nextUpdate> field. If neither option is present then the 384B<nextUpdate> field is omitted meaning fresh revocation information is 385immediately available. 386 387=back 388 389=head1 OCSP Response verification. 390 391OCSP Response follows the rules specified in RFC2560. 392 393Initially the OCSP responder certificate is located and the signature on 394the OCSP request checked using the responder certificate's public key. 395 396Then a normal certificate verify is performed on the OCSP responder certificate 397building up a certificate chain in the process. The locations of the trusted 398certificates used to build the chain can be specified by the B<CAfile> 399and B<CApath> options or they will be looked for in the standard OpenSSL 400certificates directory. 401 402If the initial verify fails then the OCSP verify process halts with an 403error. 404 405Otherwise the issuing CA certificate in the request is compared to the OCSP 406responder certificate: if there is a match then the OCSP verify succeeds. 407 408Otherwise the OCSP responder certificate's CA is checked against the issuing 409CA certificate in the request. If there is a match and the OCSPSigning 410extended key usage is present in the OCSP responder certificate then the 411OCSP verify succeeds. 412 413Otherwise, if B<-no_explicit> is B<not> set the root CA of the OCSP responders 414CA is checked to see if it is trusted for OCSP signing. If it is the OCSP 415verify succeeds. 416 417If none of these checks is successful then the OCSP verify fails. 418 419What this effectively means if that if the OCSP responder certificate is 420authorised directly by the CA it is issuing revocation information about 421(and it is correctly configured) then verification will succeed. 422 423If the OCSP responder is a "global responder" which can give details about 424multiple CAs and has its own separate certificate chain then its root 425CA can be trusted for OCSP signing. For example: 426 427 openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem 428 429Alternatively the responder certificate itself can be explicitly trusted 430with the B<-VAfile> option. 431 432=head1 NOTES 433 434As noted, most of the verify options are for testing or debugging purposes. 435Normally only the B<-CApath>, B<-CAfile> and (if the responder is a 'global 436VA') B<-VAfile> options need to be used. 437 438The OCSP server is only useful for test and demonstration purposes: it is 439not really usable as a full OCSP responder. It contains only a very 440simple HTTP request handling and can only handle the POST form of OCSP 441queries. It also handles requests serially meaning it cannot respond to 442new requests until it has processed the current one. The text index file 443format of revocation is also inefficient for large quantities of revocation 444data. 445 446It is possible to run the B<ocsp> application in responder mode via a CGI 447script using the B<reqin> and B<respout> options. 448 449=head1 EXAMPLES 450 451Create an OCSP request and write it to a file: 452 453 openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der 454 455Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the 456response to a file, print it out in text form, and verify the response: 457 458 openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \ 459 -url http://ocsp.myhost.com/ -resp_text -respout resp.der 460 461Read in an OCSP response and print out text form: 462 463 openssl ocsp -respin resp.der -text -noverify 464 465OCSP server on port 8888 using a standard B<ca> configuration, and a separate 466responder certificate. All requests and responses are printed to a file. 467 468 openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem 469 -text -out log.txt 470 471As above but exit after processing one request: 472 473 openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem 474 -nrequest 1 475 476Query status information using an internally generated request: 477 478 openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem 479 -issuer demoCA/cacert.pem -serial 1 480 481Query status information using request read from a file, and write the response 482to a second file. 483 484 openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem 485 -reqin req.der -respout resp.der 486 487=head1 HISTORY 488 489The -no_alt_chains option was added in OpenSSL 1.1.0. 490 491=head1 COPYRIGHT 492 493Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. 494 495Licensed under the OpenSSL license (the "License"). You may not use 496this file except in compliance with the License. You can obtain a copy 497in the file LICENSE in the source distribution or at 498L<https://www.openssl.org/source/license.html>. 499 500=cut 501