23 lines
1.0 KiB
Plaintext
23 lines
1.0 KiB
Plaintext
# issuer-ocsp-responses contains two OCSP responses from test-ca.pem, signed by
|
|
# test-ca.pem. One is signed 2014, good til 2015, and the other is signed 2015,
|
|
# good til 2030. Only the latter should be served. Note that order is important.
|
|
# If there are two entries for the same serial number in the file, the one that
|
|
# occurs last in the file will take priority.
|
|
#
|
|
# The response were generated with:
|
|
# openssl x509 -outform der -in test/test-root.pem -out test/test-root.der
|
|
# single-ocsp --issuer test/test-root.der --responder test/test-root.der \
|
|
# --target test/test-ca.der --template template.json --pkcs11 ~/pkcs11.json \
|
|
# --out ocsp.rsp
|
|
# base64 ocsp.rsp | tr -d '\n' > issuer-ocsp-responses.txt
|
|
# Note that you must setup SoftHSM locally, import the private key from
|
|
# test-ca.key, and put appropriate settings in pkcs11.json for this to work.
|
|
# Format is one base64-encoded DER entry per line.
|
|
#
|
|
# template.json looks like this:
|
|
# {
|
|
# "Status": 0,
|
|
# "ThisUpdate": "2014-09-23T00:00:00Z",
|
|
# "NextUpdate": "2015-08-23T00:00:00Z"
|
|
# }
|