Openssl oscp命令
生活随笔
收集整理的這篇文章主要介紹了
Openssl oscp命令
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
一、簡介
ocsp,在線證書狀態命,能夠執行很多OCSP的任務,可以被用于打印請求文件和響應文件,
二、語法
openssl ocsp [-out file] [-issuer file] [-cert file] [-serial num] [-signer file] [-signkey file ] [-sign_other file ] [-no_certs] [-req_text] [-resp_text] [-text] [-reqout file] [-respout file] [-reqin file] [-respin file] [-nonce] [-no_nonce] [-url URL] [-host host:n] [-path] [-CApath dir] [-CAfile file] [-VAfile file] [-validity_period n] [-status_age n] [-noverify] [-verify_other file] [-trust_other] [-no_intern] [-no_signature_verify] [-no_cert_verify] [-no_chain] [-no_cert_checks] [-port num] [-index file] [-CA file] [-rsigner file] [-rkey file] [-rother file] [-resp_no_certs] [-nmin n] [-ndays n] [-resp_key_id] [-nrequest n]
選項
-out file output filename -issuer file issuer certificate -cert file certificate to check -serial n serial number to check -signer file certificate to sign OCSP request with -signkey file private key to sign OCSP request with -sign_other file additional certificates to include in signed request -no_certs don't include any certificates in signed request -req_text print text form of request -resp_text print text form of response -text print text form of request and response -reqout file write DER encoded OCSP request to "file" -respout file write DER encoded OCSP reponse to "file" -reqin file read DER encoded OCSP request from "file" -respin file read DER encoded OCSP reponse from "file" -nonce add OCSP nonce to request -no_nonce don't add OCSP nonce to request -url URL OCSP responder URL -host host:n send OCSP request to host on port n -path path to use in OCSP request -CApath dir trusted certificates directory -CAfile file trusted certificates file -trusted_first use trusted certificates first when building the trust chain -VAfile file validator certificates file -validity_period n maximum validity discrepancy in seconds -status_age n maximum status age in seconds -noverify don't verify response at all -verify_other file additional certificates to search for signer -trust_other don't verify additional certificates -no_intern don't search certificates contained in response for signer -no_signature_verify don't check signature on response -no_cert_verify don't check signing certificate -no_chain don't chain verify response -no_cert_checks don't do additional checks on signing certificate -port num port to run responder on -index file certificate status index file -CA file CA certificate -rsigner file responder certificate to sign responses with -rkey file responder key to sign responses with -rother file other certificates to include in response -resp_no_certs don't include any certificates in response -nmin n number of minutes before next update -ndays n number of days before next update -resp_key_id identify reponse by signing certificate key ID -nrequest n number of requests to accept (default unlimited) -<dgst alg> use specified digest in the request
三、實例
1、生成OCSP請求并寫入到文件
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
參考:http://blog.csdn.net/as3luyuan123/article/details/14906179
總結
以上是生活随笔為你收集整理的Openssl oscp命令的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 解决mendix本地运行登录的用户和密码
- 下一篇: ubuntu 18.04多应用窗口切换的