OPENSOURCE SECURITY AND IDENTITY MANAGEMENT SOLUTIONS
A new version is available!
The OpenCA OCSPD project is aimed to develop a robust and easy-to-install OCSP daemon. The server is developed as a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme. Furthermore it can be used as a responder for multiple CAs.
The OCSP Responder is an rfc2560 compliant OCSPD responder. The purpose of such a server is to provide an on-line tool to verify the status of a certificate (such as Mozilla/Firefox/Netscape7).
The Responder was included into the main OpenCA distribution package. It is also possible to install the daemon as a stand-alone application, all you will need is a CRL (or access to an LDAP server where to get the CRL from).
The software is reported to work with Mozilla/Netscape. If you have carried out some testing and want to discuss it with us, please just send an e-mail or subscribe the ocspd mailing lists.
OCSPD v2.1.0 (Ellie)
by madwolf @ 11.02.2011
A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version are: Updated default configuration files (default passin set to none), enhanced support for ECDSA support, updated thread management with builtin support from LibPKI 0.6.3, fixed start/stop script, fixed a memory error in config.c causing segfault on CRL reload, deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer), fixed an error in return code check for PKI_NET_listen, fixed error in config parsing when no bind address was provided.
OCSPD Firefox Fix
by madwolf @ 19.11.2010
Due to a bug in Firefox (memory management), you need to have the OCSPD to be compiled against the LibPKI v0.6.1+. Please download the source code and re-compile the daemon once you updated the crypto library.
by madwolf @ 17.11.2010
A new version of the OCSPD responder is available for download. Major improvements over the last publicly available version (mostly coming from supporting for LibPKI v0.6.0) are: extensive support for hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate support for response signatures, POST and GET support, IPv6 support.
by madwolf @ 21.10.2006
New release candidate (rc1) available for download. Major improvements are: threads support and improved HTTP headers parsing.