OpenCA Research Labs

OCSP Responder

OPENSOURCE SECURITY AND IDENTITY MANAGEMENT SOLUTIONS

OCSP Responder

OCSPD v2.1.0
A new version is available!

The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs.

The OCSP Responder is an rfc2560 compliant OCSPD responder. The purpose of such a server is to provide an on-line tool to verify the status of a certificate (such as Mozilla/Firefox/Netscape7).

The Responder was included into the main OpenCA distribution package. It is also possible to install the daemon as a stand-alone application, all you will need is a CRL (or access to an LDAP server where to get the CRL from).

The software is reported to work with Mozilla/Netscape. If you have carried out some testing and want to discuss it with us, please just send an e-mail or subscribe the ocspd mailing lists.

YUM REPOS

Projects

DOWNLOADS

OCSPD v2.1.0 (Ellie)

by madwolf @ 11.02.2011

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: Updated default configuration files (default passin set to none), enhanced support for ECDSA support, updated thread management with builtin support from LibPKI 0.6.3, fixed start/stop script, fixed a memory error in config.c causing segfault on CRL reload, deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer), fixed an error in return code check for PKI_NET_listen, fixed error in config parsing when no bind address was provided.

OCSPD Firefox Fix

by madwolf @ 19.11.2010

Due to a bug in Firefox (memory management), you need to have the OCSPD to be compiled against the LibPKI v0.6.1+. Please download the source code and re-compile the daemon once you updated the crypto library.

OCSPD 2.0.0

by madwolf @ 17.11.2010

A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version (mostly coming from supporting for LibPKI v0.6.0) are: extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, IPv6 support.

OCSPD 1.9.0-rc1

by madwolf @ 21.10.2006

New release candidate (rc1) available for download. Major improvements are: threads support and improved HTTP headers parsing.

4102