Paul van Brouwershaven vanbroup

vanbroup / pem-to-p7b.go
Created June 23, 2021 09:45
Convert PEM certificates to PKCS7 bundle (.p7b)
package main
import (
vanbroup / ca-hierarchy-ocsp-test.go
Last active January 20, 2024 10:54
Script to create a CA hierarchy with delegated OCSP responder certificates to test the effects on different combinations of OCSP Signing EKU settings
// certutil -urlcache * delete
// certutil -verify -user -urlfetch "Server Certificate.cer"
package main
import (
vanbroup /
Created April 6, 2018 08:48
Create a POST OCSP request from an OCSP GET request URL
echo MFIwUKADAgEAMEkwRzBFMAkGBSsOAwIaBQAEFNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwIMPVGgldv/1vnVuWtZ | base64 --decode > ocsp.req
# Print OCSP request
openssl ocsp -text -reqin ocsp.req
# Make OCSP request
curl -v -o ocsp.resp --data-binary @ocsp.req -H "Content-Type: application/ocsp-request" --url --header "Host:"
# Print OCSP response
openssl ocsp -noverify -text -respin ocsp.resp
vanbroup /
Last active March 15, 2021 13:30
Making an OCSP request with OpenSSL using the issuer certificate and serial number and replay it with CURL for debugging
# Make an OCSP request with OpenSSL using the issuer certificate and serial number
openssl ocsp -noverify -no_nonce -respout ocsp.resp -reqout ocsp.req -issuer issuer.pem -serial "0x11219f92c6b10baba606ac6c7eb0474898f6" -text -url -header ''
# Replay the OCSP request via CURL showing request and response headers for debugging
curl -v -o curl.resp --data-binary @ocsp.req -H "Content-Type: application/ocsp-request" --url --header ""
vanbroup /
Created March 19, 2018 12:43
Make an OCSP request with bash via OpenSSL and obtain the certificate (chain) from the TLS handshake, replay the request with CURL.
if [ "$#" -ne 1 ]; then
echo "No hostname given to obtain certificate status"
echo "\tuse: $0"
exit 1
# make sure that this script runs with the time zone GMT
export TZ=GMT
# swap the root directory every reload to make sure that
# the config aligns with the files actually served
curdir=`cat lastroot.txt`
newdir=`expr $curdir + 1`
olddir=`expr $curdir - 1`
* Just a quick and dirty API example for DNS verification
* Create a Private key
$dn = array(