@waja
Created January 6, 2014 12:26
Check the status of the OCSP responder (here the Class 1 StartSSL variant). The -header option (supported by recent OpenSSL versions) is needed for fixing HTTP/1.1, see http://www.math.ucla.edu/~jimc/documents/bugfix/21-openssl-ocsp.html!
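#!/bin/sh
# Usage: <script> <certificate.pem>
# Download the StartSSL Class 1 intermediate CA, then query its OCSP responder.
# -noverify skips verification of the OCSP response signature; -no_nonce omits the nonce.
wget -q http://www.startssl.com/certs/sub.class1.server.ca.pem -O /tmp/sub.class1.server.ca.pem && \
openssl ocsp -CAfile /tmp/sub.class1.server.ca.pem -issuer /tmp/sub.class1.server.ca.pem \
-url http://ocsp.startssl.com/sub/class1/server/ca -noverify -no_nonce \
-header "HOST" "ocsp.startssl.com" -cert "${1}"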
@szepeviktor

Thank you.

#!/bin/sh
#
# Display OCSP response.
#

# StartSSL Class 1
STARTSSL_CA_URL_CLASS1="http://www.startssl.com/certs/sub.class1.server.ca.pem"
STARTSSL_CA_CLASS1="./sub.class1.server.ca.pem"
STARTSSL_OCSP_URL_CLASS1="http://ocsp.startssl.com/sub/class1/server/ca"
STARTSSL_OCSP_HOST="ocsp.startssl.com"

CERT="$1"

[ -f "$CERT" ] || exit 1

if ! [ -r "$STARTSSL_CA_CLASS1" ]; then
    wget -nv -O "$STARTSSL_CA_CLASS1" "$STARTSSL_CA_URL_CLASS1"
fi

openssl ocsp -no_nonce \
    -CAfile "$STARTSSL_CA_CLASS1" -issuer "$STARTSSL_CA_CLASS1" \
    -header "Host" "$STARTSSL_OCSP_HOST" -url "$STARTSSL_OCSP_URL_CLASS1" \
    -cert "$CERT"
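
Both scripts above hard-code the StartSSL responder URL and Host header and leave the reader to interpret the output. The following is an added example (not part of the gist or its comments) that generalizes them: it reads the responder URL from the certificate itself, derives the Host header from it, and reduces the `openssl ocsp` output to a single status word. The function names and the sample output are constructed for illustration, and the issuer certificate is assumed to have been obtained out of band.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the gist.

# Host[:port] part of an OCSP responder URL, for use as the Host header.
ocsp_host() {
    printf '%s\n' "$1" | sed -n 's|^[a-zA-Z][a-zA-Z0-9+.-]*://\([^/]*\).*$|\1|p'
}

# Reduce `openssl ocsp` output (stdout+stderr) to: good, revoked, unknown, error.
# A "Response Verify Failure" line always yields "error", whatever the
# per-certificate status line says, so an unverified "good" is never trusted.
ocsp_status() {
    awk '
        /Response Verify Failure/ { bad = 1 }
        /: good$/    { s = "good" }
        /: revoked$/ { s = "revoked" }
        /: unknown$/ { s = "unknown" }
        END {
            if (bad || s == "") print "error"
            else print s
        }'
}

# $1 = certificate (PEM), $2 = issuer certificate (PEM, obtained out of band).
# The responder URL comes from the certificate's Authority Information Access.
# OpenSSL 1.1.0 and later take -header as name=value; the scripts above use
# the older two-argument form.
check_cert() {
    url=$(openssl x509 -in "$1" -noout -ocsp_uri) || return 2
    [ -n "$url" ] || { echo "no OCSP URI in $1" >&2; return 2; }
    openssl ocsp -no_nonce -CAfile "$2" -issuer "$2" -cert "$1" \
        -url "$url" -header "Host=$(ocsp_host "$url")" 2>&1 | ocsp_status
}

# Constructed sample output (not captured from a real responder).
SAMPLE_REVOKED='Response verify OK
server.pem: revoked
    This Update: Jan  6 12:00:00 2014 GMT
    Revocation Time: Jan  5 09:00:00 2014 GMT'
SAMPLE_UNVERIFIED='Response Verify Failure
server.pem: good
    This Update: Jan  6 12:00:00 2014 GMT'

if [ $# -ge 2 ]; then
    check_cert "$1" "$2"
fi
```

Unlike the first script, `check_cert` does not pass `-noverify`, so the response signature is checked against the supplied issuer.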
