/dyocsp

DyOCSP - Flexible DB OCSP Responder

Primary LanguageGoMIT LicenseMIT

DyOCSP - Flexible DB OCSP Responder

Run Tests codecov Go Report Card

Introduction

DyOCSP is an OCSP responder for private CA, and implementation of RFC 6960 and RFC 5019. The objective is to have a responder with flexible database backend choices.

Download

docker pull yuxki/dyocsp:v0.2.6
  • Or get the sources:
git clone https://github.com/yuxki/dyocsp

Please try Demo after download.

Supported Environments

Database

Protocol

  • HTTP

Signing Key Format

  • PKCS# 8

Full Documentation

Documentation is available here: manual

Demo

Start OCSP Responder Server

Build and run dyocsp with a demo configuration file, certificate, and key.

  • Binary
$ cd ./demo
$ go build ../cmd/dyocsp
$ ./dyocsp -c delegate-dyocsp.yml
  • Docker Image
$ cd ./demo
$ docker pull yuxki/dyocsp:v0.1.0
$ docker run --rm -v $(pwd):/work --workdir=/work yuxki/dyocsp:v0.1.0 -c delegate-dyocsp.yml

Test OCSP Request

Open another terminal.

# Request "successful good" certificate
$ cd demo
$ openssl ocsp \
    -CAfile ca/root-ca.crt \
    -issuer ca/sub-ca.crt \
    -cert ca/good.crt \
    -no_nonce \
    -url http://localhost:9080
# Request "successful revoked" certificate
$ cd ./demo
$ openssl ocsp \
    -CAfile ca/root-ca.crt \
    -issuer ca/sub-ca.crt \
    -cert ca/revoked.crt \
    -no_nonce \
    -url http://localhost:9080