I. Introduction

ocsp, the online certificate status command, can perform many OCSP tasks; it can be used to print request and response files.

II. Syntax

openssl ocsp [-out file] [-issuer file] [-cert file] [-serial num] [-signer file] [-signkey file]
[-sign_other file] [-no_certs] [-req_text] [-resp_text] [-text] [-reqout file] [-respout file]
[-reqin file] [-respin file] [-nonce] [-no_nonce] [-url URL] [-host host:n] [-path] [-CApath dir]
[-CAfile file] [-VAfile file] [-validity_period n] [-status_age n] [-noverify] [-verify_other file]
[-trust_other] [-no_intern] [-no_signature_verify] [-no_cert_verify] [-no_chain] [-no_cert_checks]
[-port num] [-index file] [-CA file] [-rsigner file] [-rkey file] [-rother file] [-resp_no_certs] [-nmin n]
[-ndays n] [-resp_key_id] [-nrequest n]

Options

-out file             output filename
-issuer file          issuer certificate
-cert file            certificate to check
-serial n             serial number to check
-signer file          certificate to sign OCSP request with
-signkey file         private key to sign OCSP request with
-sign_other file      additional certificates to include in signed request
-no_certs             don't include any certificates in signed request
-req_text             print text form of request
-resp_text            print text form of response
-text                 print text form of request and response
-reqout file          write DER encoded OCSP request to "file"
-respout file         write DER encoded OCSP response to "file"
-reqin file           read DER encoded OCSP request from "file"
-respin file          read DER encoded OCSP response from "file"
-nonce                add OCSP nonce to request
-no_nonce             don't add OCSP nonce to request
-url URL              OCSP responder URL
-host host:n          send OCSP request to host on port n
-path                 path to use in OCSP request
-CApath dir           trusted certificates directory
-CAfile file          trusted certificates file
-trusted_first        use trusted certificates first when building the trust chain
-VAfile file          validator certificates file
-validity_period n    maximum validity discrepancy in seconds
-status_age n         maximum status age in seconds
-noverify             don't verify response at all
-verify_other file    additional certificates to search for signer
-trust_other          don't verify additional certificates
-no_intern            don't search certificates contained in response for signer
-no_signature_verify  don't check signature on response
-no_cert_verify       don't check signing certificate
-no_chain             don't chain verify response
-no_cert_checks       don't do additional checks on signing certificate
-port num             port to run responder on
-index file           certificate status index file
-CA file              CA certificate
-rsigner file         responder certificate to sign responses with
-rkey file            responder key to sign responses with
-rother file          other certificates to include in response
-resp_no_certs        don't include any certificates in response
-nmin n               number of minutes before next update
-ndays n              number of days before next update
-resp_key_id          identify response by signing certificate key ID
-nrequest n           number of requests to accept (default unlimited)
-<dgst alg>           use specified digest in the request

III. Examples

1. Generate an OCSP request and write it to a file

openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
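
The request above can be carried through an offline responder (-index, -CA, -rsigner, -rkey) and then verified (-reqin, -respin, -CAfile). The script below is an added example, not part of the original page: the throwaway CA, the files issuer.key, leaf.key and index.txt, the serial numbers and the index entries are all constructed for the demo, and it assumes an openssl binary with its default configuration file.

```sh
#!/bin/sh
# Added example: offline OCSP round trip (request -> responder -> verify).
# All names, serials and dates are constructed; nothing touches the network.
q() { "$@" >/dev/null 2>&1; }            # run quietly, keep the exit status

ocsp_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Throwaway CA that also signs OCSP responses, plus two leaf certs.
        q openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo CA" -keyout issuer.key -out issuer.pem || exit 1
        q openssl genrsa -out leaf.key 2048 || exit 1
        n=1
        for serial in 4097 4098; do      # hex 1001 and 1002
            q openssl req -new -key leaf.key -subj "/CN=leaf$n" -out leaf.csr &&
            q openssl x509 -req -in leaf.csr -CA issuer.pem -CAkey issuer.key \
                -set_serial "$serial" -days 30 -out "c$n.pem" || exit 1
            n=$((n + 1))
        done
        # Status index for -index (tab separated): c1 valid, c2 revoked now.
        now=$(date -u +%y%m%d%H%M%SZ)
        printf 'V\t350101000000Z\t\t1001\tunknown\t/CN=leaf1\n' >index.txt
        printf 'R\t350101000000Z\t%s,keyCompromise\t1002\tunknown\t/CN=leaf2\n' \
            "$now" >>index.txt
        # 1. Client: the page's request example (a nonce is added by default).
        q openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
            -reqout req.der || exit 1
        # 2. Responder: answer req.der from the index and sign with the CA key.
        q openssl ocsp -index index.txt -CA issuer.pem -rsigner issuer.pem \
            -rkey issuer.key -reqin req.der -respout resp.der -ndays 1 || exit 1
        # 3. Client: verify signature and nonce, then print serial and status.
        openssl ocsp -reqin req.der -respin resp.der -CAfile issuer.pem \
            -resp_text 2>verify.log |
            awk '/Serial Number:/ {s = $3} /Cert Status:/ {print s, $3}'
        grep -q 'Response verify OK' verify.log || exit 1
        # 4. Replay check: the old response must not satisfy a fresh request.
        q openssl ocsp -issuer issuer.pem -cert c1.pem -reqout req2.der || exit 1
        openssl ocsp -reqin req2.der -respin resp.der -CAfile issuer.pem 2>&1 |
            grep -q 'Nonce Verify error' && echo "replay rejected"
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

ocsp_demo
```

Step 3 uses neither -noverify nor any of the -no_* switches, so the response signature, the signer's chain to -CAfile and the nonce are all checked before the statuses are printed.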
