123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494 |
- =pod
- {- OpenSSL::safe::output_do_not_edit_headers(); -}
- =head1 NAME
- openssl-ocsp - Online Certificate Status Protocol command
- =head1 SYNOPSIS
- =head2 OCSP Client
- B<openssl> B<ocsp>
- [B<-help>]
- [B<-out> I<file>]
- [B<-issuer> I<file>]
- [B<-cert> I<file>]
- [B<-serial> I<n>]
- [B<-signer> I<file>]
- [B<-signkey> I<file>]
- [B<-sign_other> I<file>]
- [B<-nonce>]
- [B<-no_nonce>]
- [B<-req_text>]
- [B<-resp_text>]
- [B<-text>]
- [B<-no_certs>]
- [B<-reqout> I<file>]
- [B<-respout> I<file>]
- [B<-reqin> I<file>]
- [B<-respin> I<file>]
- [B<-url> I<URL>]
- [B<-host> I<host>:I<port>]
- [B<-header>]
- [B<-timeout> I<seconds>]
- [B<-path>]
- [B<-VAfile> I<file>]
- [B<-validity_period> I<n>]
- [B<-status_age> I<n>]
- [B<-noverify>]
- [B<-verify_other> I<file>]
- [B<-trust_other>]
- [B<-no_intern>]
- [B<-no_signature_verify>]
- [B<-no_cert_verify>]
- [B<-no_chain>]
- [B<-no_cert_checks>]
- [B<-no_explicit>]
- [B<-port> I<num>]
- [B<-ignore_err>]
- =head2 OCSP Server
- B<openssl> B<ocsp>
- [B<-index> I<file>]
- [B<-CA> I<file>]
- [B<-rsigner> I<file>]
- [B<-rkey> I<file>]
- [B<-passin> I<arg>]
- [B<-rother> I<file>]
- [B<-rsigopt> I<nm>:I<v>]
- [B<-rmd> I<digest>]
- [B<-badsig>]
- [B<-resp_no_certs>]
- [B<-nmin> I<n>]
- [B<-ndays> I<n>]
- [B<-resp_key_id>]
- [B<-nrequest> I<n>]
- [B<-multi> I<process-count>]
- [B<-rcid> I<digest>]
- [B<-I<digest>>]
- {- $OpenSSL::safe::opt_trust_synopsis -}
- {- $OpenSSL::safe::opt_v_synopsis -}
- {- $OpenSSL::safe::opt_provider_synopsis -}
- =for openssl ifdef multi
- =head1 DESCRIPTION
- The Online Certificate Status Protocol (OCSP) enables applications to
- determine the (revocation) state of an identified certificate (RFC 2560).
- This command performs many common OCSP tasks. It can be used
- to print out requests and responses, create requests and send queries
- to an OCSP responder and behave like a mini OCSP server itself.
- =head1 OPTIONS
- This command operates as either a client or a server.
- The options are described below, divided into those two modes.
- =head2 OCSP Client Options
- =over 4
- =item B<-help>
- Print out a usage message.
- =item B<-out> I<filename>
- specify output filename, default is standard output.
- =item B<-issuer> I<filename>
- This specifies the current issuer certificate. This option can be used
- multiple times.
- This option B<MUST> come before any B<-cert> options.
- =item B<-cert> I<filename>
- Add the certificate I<filename> to the request. The issuer certificate
- is taken from the previous B<-issuer> option, or an error occurs if no
- issuer certificate is specified.
- =item B<-serial> I<num>
- Same as the B<-cert> option except the certificate with serial number
- B<num> is added to the request. The serial number is interpreted as a
- decimal integer unless preceded by C<0x>. Negative integers can also
- be specified by preceding the value by a C<-> sign.
- =item B<-signer> I<filename>, B<-signkey> I<filename>
- Sign the OCSP request using the certificate specified in the B<-signer>
- option and the private key specified by the B<-signkey> option. If
- the B<-signkey> option is not present then the private key is read
- from the same file as the certificate. If neither option is specified then
- the OCSP request is not signed.
- =item B<-sign_other> I<filename>
- Additional certificates to include in the signed request.
- The input can be in PEM, DER, or PKCS#12 format.
- =item B<-nonce>, B<-no_nonce>
- Add an OCSP nonce extension to a request or disable OCSP nonce addition.
- Normally if an OCSP request is input using the B<-reqin> option no
- nonce is added: using the B<-nonce> option will force addition of a nonce.
- If an OCSP request is being created (using B<-cert> and B<-serial> options)
- a nonce is automatically added specifying B<-no_nonce> overrides this.
- =item B<-req_text>, B<-resp_text>, B<-text>
- Print out the text form of the OCSP request, response or both respectively.
- =item B<-reqout> I<file>, B<-respout> I<file>
- Write out the DER encoded certificate request or response to I<file>.
- =item B<-reqin> I<file>, B<-respin> I<file>
- Read OCSP request or response file from I<file>. These option are ignored
- if OCSP request or response creation is implied by other options (for example
- with B<-serial>, B<-cert> and B<-host> options).
- =item B<-url> I<responder_url>
- Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
- =item B<-host> I<hostname>:I<port>, B<-path> I<pathname>
- If the B<-host> option is present then the OCSP request is sent to the host
- I<hostname> on port I<port>. The B<-path> option specifies the HTTP pathname
- to use or "/" by default. This is equivalent to specifying B<-url> with scheme
- http:// and the given hostname, port, and pathname.
- =item B<-header> I<name>=I<value>
- Adds the header I<name> with the specified I<value> to the OCSP request
- that is sent to the responder.
- This may be repeated.
- =item B<-timeout> I<seconds>
- Connection timeout to the OCSP responder in seconds.
- On POSIX systems, when running as an OCSP responder, this option also limits
- the time that the responder is willing to wait for the client request.
- This time is measured from the time the responder accepts the connection until
- the complete request is received.
- =item B<-verify_other> I<file>
- File or URI containing additional certificates to search
- when attempting to locate
- the OCSP response signing certificate. Some responders omit the actual signer's
- certificate from the response: this option can be used to supply the necessary
- certificate in such cases.
- The input can be in PEM, DER, or PKCS#12 format.
- =item B<-trust_other>
- The certificates specified by the B<-verify_other> option should be explicitly
- trusted and no additional checks will be performed on them. This is useful
- when the complete responder certificate chain is not available or trusting a
- root CA is not appropriate.
- =item B<-VAfile> I<file>
- File or URI containing explicitly trusted responder certificates.
- Equivalent to the B<-verify_other> and B<-trust_other> options.
- The input can be in PEM, DER, or PKCS#12 format.
- =item B<-noverify>
- Don't attempt to verify the OCSP response signature or the nonce
- values. This option will normally only be used for debugging since it
- disables all verification of the responders certificate.
- =item B<-no_intern>
- Ignore certificates contained in the OCSP response when searching for the
- signers certificate. With this option the signers certificate must be specified
- with either the B<-verify_other> or B<-VAfile> options.
- =item B<-no_signature_verify>
- Don't check the signature on the OCSP response. Since this option
- tolerates invalid signatures on OCSP responses it will normally only be
- used for testing purposes.
- =item B<-no_cert_verify>
- Don't verify the OCSP response signers certificate at all. Since this
- option allows the OCSP response to be signed by any certificate it should
- only be used for testing purposes.
- =item B<-no_chain>
- Do not use certificates in the response as additional untrusted CA
- certificates.
- =item B<-no_explicit>
- Do not explicitly trust the root CA if it is set to be trusted for OCSP signing.
- =item B<-no_cert_checks>
- Don't perform any additional checks on the OCSP response signers certificate.
- That is do not make any checks to see if the signers certificate is authorised
- to provide the necessary status information: as a result this option should
- only be used for testing purposes.
- =item B<-validity_period> I<nsec>, B<-status_age> I<age>
- These options specify the range of times, in seconds, which will be tolerated
- in an OCSP response. Each certificate status response includes a B<notBefore>
- time and an optional B<notAfter> time. The current time should fall between
- these two values, but the interval between the two times may be only a few
- seconds. In practice the OCSP responder and clients clocks may not be precisely
- synchronised and so such a check may fail. To avoid this the
- B<-validity_period> option can be used to specify an acceptable error range in
- seconds, the default value is 5 minutes.
- If the B<notAfter> time is omitted from a response then this means that new
- status information is immediately available. In this case the age of the
- B<notBefore> field is checked to see it is not older than I<age> seconds old.
- By default this additional check is not performed.
- =item B<-rcid> I<digest>
- This option sets the digest algorithm to use for certificate identification
- in the OCSP response. Any digest supported by the L<openssl-dgst(1)> command can
- be used. The default is the same digest algorithm used in the request.
- =item B<-I<digest>>
- This option sets digest algorithm to use for certificate identification in the
- OCSP request. Any digest supported by the OpenSSL B<dgst> command can be used.
- The default is SHA-1. This option may be used multiple times to specify the
- digest used by subsequent certificate identifiers.
- {- $OpenSSL::safe::opt_trust_item -}
- {- $OpenSSL::safe::opt_v_item -}
- {- $OpenSSL::safe::opt_provider_item -}
- =back
- =head2 OCSP Server Options
- =over 4
- =item B<-index> I<indexfile>
- The I<indexfile> parameter is the name of a text index file in B<ca>
- format containing certificate revocation information.
- If the B<-index> option is specified then this command switches to
- responder mode, otherwise it is in client mode. The request(s) the responder
- processes can be either specified on the command line (using B<-issuer>
- and B<-serial> options), supplied in a file (using the B<-reqin> option)
- or via external OCSP clients (if B<-port> or B<-url> is specified).
- If the B<-index> option is present then the B<-CA> and B<-rsigner> options
- must also be present.
- =item B<-CA> I<file>
- CA certificate corresponding to the revocation information in the index
- file given with B<-index>.
- The input can be in PEM, DER, or PKCS#12 format.
- =item B<-rsigner> I<file>
- The certificate to sign OCSP responses with.
- =item B<-rkey> I<file>
- The private key to sign OCSP responses with: if not present the file
- specified in the B<-rsigner> option is used.
- =item B<-passin> I<arg>
- The private key password source. For more information about the format of I<arg>
- see L<openssl(1)/Pass Phrase Options>.
- =item B<-rother> I<file>
- Additional certificates to include in the OCSP response.
- The input can be in PEM, DER, or PKCS#12 format.
- =item B<-rsigopt> I<nm>:I<v>
- Pass options to the signature algorithm when signing OCSP responses.
- Names and values of these options are algorithm-specific.
- =item B<-rmd> I<digest>
- The digest to use when signing the response.
- =item B<-badsig>
- Corrupt the response signature before writing it; this can be useful
- for testing.
- =item B<-resp_no_certs>
- Don't include any certificates in the OCSP response.
- =item B<-resp_key_id>
- Identify the signer certificate using the key ID, default is to use the
- subject name.
- =item B<-port> I<portnum>
- Port to listen for OCSP requests on. The port may also be specified
- using the B<url> option.
- =item B<-ignore_err>
- Ignore malformed requests or responses: When acting as an OCSP client, retry if
- a malformed response is received. When acting as an OCSP responder, continue
- running instead of terminating upon receiving a malformed request.
- =item B<-nrequest> I<number>
- The OCSP server will exit after receiving I<number> requests, default unlimited.
- =item B<-multi> I<process-count>
- Run the specified number of OCSP responder child processes, with the parent
- process respawning child processes as needed.
- Child processes will detect changes in the CA index file and automatically
- reload it.
- When running as a responder B<-timeout> option is recommended to limit the time
- each child is willing to wait for the client's OCSP response.
- This option is available on POSIX systems (that support the fork() and other
- required unix system-calls).
- =item B<-nmin> I<minutes>, B<-ndays> I<days>
- Number of minutes or days when fresh revocation information is available:
- used in the B<nextUpdate> field. If neither option is present then the
- B<nextUpdate> field is omitted meaning fresh revocation information is
- immediately available.
- =back
- =head1 OCSP RESPONSE VERIFICATION
- OCSP Response follows the rules specified in RFC2560.
- Initially the OCSP responder certificate is located and the signature on
- the OCSP request checked using the responder certificate's public key.
- Then a normal certificate verify is performed on the OCSP responder certificate
- building up a certificate chain in the process. The locations of the trusted
- certificates used to build the chain can be specified by the B<-CAfile>,
- B<-CApath> or B<-CAstore> options or they will be looked for in the
- standard OpenSSL certificates directory.
- If the initial verify fails then the OCSP verify process halts with an
- error.
- Otherwise the issuing CA certificate in the request is compared to the OCSP
- responder certificate: if there is a match then the OCSP verify succeeds.
- Otherwise the OCSP responder certificate's CA is checked against the issuing
- CA certificate in the request. If there is a match and the OCSPSigning
- extended key usage is present in the OCSP responder certificate then the
- OCSP verify succeeds.
- Otherwise, if B<-no_explicit> is B<not> set the root CA of the OCSP responders
- CA is checked to see if it is trusted for OCSP signing. If it is the OCSP
- verify succeeds.
- If none of these checks is successful then the OCSP verify fails.
- What this effectively means if that if the OCSP responder certificate is
- authorised directly by the CA it is issuing revocation information about
- (and it is correctly configured) then verification will succeed.
- If the OCSP responder is a "global responder" which can give details about
- multiple CAs and has its own separate certificate chain then its root
- CA can be trusted for OCSP signing. For example:
- openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
- Alternatively the responder certificate itself can be explicitly trusted
- with the B<-VAfile> option.
- =head1 NOTES
- As noted, most of the verify options are for testing or debugging purposes.
- Normally only the B<-CApath>, B<-CAfile>, B<-CAstore> and (if the responder
- is a 'global VA') B<-VAfile> options need to be used.
- The OCSP server is only useful for test and demonstration purposes: it is
- not really usable as a full OCSP responder. It contains only a very
- simple HTTP request handling and can only handle the POST form of OCSP
- queries. It also handles requests serially meaning it cannot respond to
- new requests until it has processed the current one. The text index file
- format of revocation is also inefficient for large quantities of revocation
- data.
- It is possible to run this command in responder mode via a CGI
- script using the B<-reqin> and B<-respout> options.
- =head1 EXAMPLES
- Create an OCSP request and write it to a file:
- openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
- Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
- response to a file, print it out in text form, and verify the response:
- openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
- -url http://ocsp.myhost.com/ -resp_text -respout resp.der
- Read in an OCSP response and print out text form:
- openssl ocsp -respin resp.der -text -noverify
- OCSP server on port 8888 using a standard B<ca> configuration, and a separate
- responder certificate. All requests and responses are printed to a file.
- openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
- -text -out log.txt
- As above but exit after processing one request:
- openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
- -nrequest 1
- Query status information using an internally generated request:
- openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
- -issuer demoCA/cacert.pem -serial 1
- Query status information using request read from a file, and write the response
- to a second file.
- openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
- -reqin req.der -respout resp.der
- =head1 HISTORY
- The -no_alt_chains option was added in OpenSSL 1.1.0.
- =head1 COPYRIGHT
- Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|