Table of Contents

OpenSSL - How to use OpenSSL from the outside



List


Note

How to check OCSP

# openssl s_client -connect x.x.x.x:443 -tls1 -tlsextdebug -status | grep -i "ocsp response" -B 5 -A 10

OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA OCSP Responder
    Produced At: Jan 14 18:19:02 2016 GMT
    Responses:
    Certificate ID:
     Hash Algorithm: sha1
      Issuer Name Hash: 5168159AB1999B3A55E860C022C9D519E0303D29
      Issuer Key Hash: D7914E01C4B0BFF8C86793449CE733FAAD930CAF
      Serial Number: 346F8F9596F4A3AEB2B0C3AE693B5A7F
    Cert Status: good


Import CA

cp CA_Class1.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

## Check
wget https://192.168.0.1/





Protocol