ocsprf is OCSP Response Fetch CLI.
The gem is available at rubygems.org. You can install it the following.
$ gem install ocsprf$ ocsprf --help
Usage: ocsprf [options] PATH
-i, --issuer PATH issuer certificate path
-o, --output PATH output file path
-s, --strict strict mode (default false)
-v, --verbose verbose mode (default false)You can run it the following and print the DER-encoded OCSP Response that fetched.
$ ocsprf /path/to/subject/certificate
$DER_BINARYIf you need to print OCSP Response text, you can run it the following.
$ ocsprf /path/to/subject/certificate --verbose > /dev/null
OCSP Response Data:
OCSP Response Status: (0x0)
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 0123456789ABCDEF0123456789ABCDEF01234567
Issuer Key Hash: 0123456789ABCDEF0123456789ABCDEF01234567
Serial Number: 0123456789ABCDEF0123456789ABCDEF01234567
Cert Status: good
This Update: 2020-01-01 12:00:00 UTC
Next Update: 2020-01-08 12:00:00 UTCIf you have the issuer certificate corresponding to the subject certificate, you can pass it using --issuer option.
By default, ocsprf tries to get the issuer certificate using AIA extension.
$ ocsprf /path/to/subject/certificate --issuer /path/to/issuer/certificate --verbose > /dev/null
OCSP Response Data:
OCSP Response Status: (0x0)
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 0123456789ABCDEF0123456789ABCDEF01234567
Issuer Key Hash: 0123456789ABCDEF0123456789ABCDEF01234567
Serial Number: 0123456789ABCDEF0123456789ABCDEF01234567
Cert Status: good
This Update: 2020-01-01 12:00:00 UTC
Next Update: 2020-01-08 12:00:00 UTCThe gem is available as open source under the terms of the MIT License.