$ openssl x509 -in cert.pem -noout -text | more
$ openssl crl2pkcs7 -nocrl -certfile cacert.pem -out chain.p7b -outform DER
$ openssl ocsp -text -sha256 -issuer cacert.pem -cert ee.pem -url http://host/ejbca/publicweb/status/ocsp -CAfile bundle.pem -VAfile ocsp_cert.pem
Where
- cacert.pem is the Root CA certificate (eg. Root CA or Sub CA certificate)
- ee.pem is the certificate to be validated
- bundle.pem contains the trust chain (eg. Sub CA certificate and the Root CA)
- ocsp_cert.pem is the certificate of the ocsp responder
$ openssl asn1parse -in certificate.pem
737:d=4 hl=3 l= 229 cons: SEQUENCE
740:d=5 hl=2 l= 8 prim: OBJECT :qcStatements
750:d=5 hl=3 l= 216 prim: OCTET STRING [HEX DUMP]:3081D53008060604008E460101300B060604008E4601030201143008060604008E4601043081B1060604008E4601053081A63051164B68747470733A2F2F7777772E616374616C69732E69742F646F63756D656E74692D69742F7473615F646973636C6F737572655F73746174656D656E745F616374616C69735F69742E706466130269743051164B68747470733A2F2F7777772E616374616C69732E69742F646F63756D656E74692D656E2F7473615F646973636C6F737572655F73746174656D656E745F616374616C69735F656E2E7064661302656E
969:d=4 hl=4 l= 398 cons: SEQUENCE
973:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Certificate Policies
$ echo "3081D53008060604008E460101300B060604008E4601030201143008060604008E4601043081B1060604008E4601053081A63051164B68747470733A2F2F7777772E616374616C69732E69742F646F63756D656E74692D69742F7473615F646973636C6F737572655F73746174656D656E745F616374616C69735F69742E706466130269743051164B68747470733A2F2F7777772E616374616C69732E69742F646F63756D656E74692D656E2F7473615F646973636C6F737572655F73746174656D656E745F616374616C69735F656E2E7064661302656E" > qc.hex
$ cat qc.hex | xxd -r -p | base64 > qc.pem
$ openssl asn1parse -in qc.pem
0:d=0 hl=3 l= 213 cons: SEQUENCE
3:d=1 hl=2 l= 8 cons: SEQUENCE
5:d=2 hl=2 l= 6 prim: OBJECT :0.4.0.1862.1.1
13:d=1 hl=2 l= 11 cons: SEQUENCE
15:d=2 hl=2 l= 6 prim: OBJECT :0.4.0.1862.1.3
23:d=2 hl=2 l= 1 prim: INTEGER :14
26:d=1 hl=2 l= 8 cons: SEQUENCE
28:d=2 hl=2 l= 6 prim: OBJECT :0.4.0.1862.1.4
36:d=1 hl=3 l= 177 cons: SEQUENCE
39:d=2 hl=2 l= 6 prim: OBJECT :0.4.0.1862.1.5
47:d=2 hl=3 l= 166 cons: SEQUENCE
50:d=3 hl=2 l= 81 cons: SEQUENCE
52:d=4 hl=2 l= 75 prim: IA5STRING :https://www.actalis.it/documenti-it/tsa_disclosure_statement_actalis_it.pdf
129:d=4 hl=2 l= 2 prim: PRINTABLESTRING :it
133:d=3 hl=2 l= 81 cons: SEQUENCE
135:d=4 hl=2 l= 75 prim: IA5STRING :https://www.actalis.it/documenti-en/tsa_disclosure_statement_actalis_en.pdf
212:d=4 hl=2 l= 2 prim: PRINTABLESTRING :en